Hi,

  1. Please enter the virus/worm names into the board search above: all have been treated extensively here on the board

  2. Apply all Service Packs and Windows updates;
    change ALL your passwords, PINs, eBay/online banking data etc. ever entered on this PC
    This should suffice to get rid of SASSER & GAOBOT

  3. General Advice:

Where exactly was the infected File found (full path/folder/filename, e.g. c:\Windows\system32\virusfile.exe) ?

Sometimes it’s enough to

  • clear all TEMP-folders (via drive CleanUp AND best also manually)
  • empty Temp.Int.Files folder(s) (via IE -> Extras -> Internet Options -> Delete files, including OFFLINE files) and
  • empty java-Cache or
  • disable system restore on Win ME/XP INCLUDING a REBOOT!! ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
    to get rid of it…

test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

spybot, ad-aware and cwshredder might also help
see www.lurkhere.com ->nicefiles and www.lavasoft.de

-remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:

  • disable system restore on Win ME/XP
  • kill respective Backdoor/Trojan process with task manager
  • search for the file/process names in the registry; remove the malware’s startup entries in the registry
  • disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

if you still can’t remove it, you could post a logfile of Hijackthis here

-Secure your system:
change passwords, secure shares, install patches/updates for WIN&IE;
disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla

  • scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro/RAV, to check whether your PC is clean :wink:
  • If needed, reenable system restore on Win ME/XP

Further Details and Links via the board search above


Oh yes, and now you’ve read all this:
an active GAOBOT alone warrants a complete redo of the system from scratch, as it’s compromised=not secure anymore; with 60+ viruses, even more so
This means:

  • backup of data and important settings
  • format C: or system/windows partition
  • Reinstall Win
  • Apply ALL ServicePacks & important patches/windowsupdates OFFLINE, or behind a properly configured firewall (WIN XP’s firewall should suffice, if ACTIVATED!!)
  • Password changing & secure IE still applies

But it’s your choice of course… :wink: