Win32GandaB Worm

I have been inundated with Emails from this worm. The email says it id from howard@htelephones.co.uk and the subject is nazi propaganda.

I keep deleting the email when Avast gives me the warning and I have blocked the sender on Outlook Express. But more emails come.

Today, when I ran an Avast AV scan, Windows said "ashampl"hjad caused an error and will be shut down…when I clicked OK, Avast disappeared…so is my AV programme infected…or what?

I just do not know what to do!

Please help.

That does not nessesary mean that you are infected, but you could check your Windows in safe mode, or try this remove Tool: http://www.bitdefender.com/html/virusinfo.php?menu_id=1&v_id=58

BTW: Did you apply all updates offert by windowsupdate? An updated Outlook should not execute an attachement by itself.

The attachment did not open…I was warned about the infection by Avast and anyway, I would never open any attachment unless I absolutely knew it was safe.

I did keep up to date with windows critical Updates…but Windows 98 is no longer supported.

Thanks for that link, I will use it.

I downloaded the Bitdefender tool, but noted it was to fix Ganda A and my emails are Ganda B.

Can anyone also explain why Avast AV programme should have caused an error when I was ruunning it?

I do not know why, but Bitdefender reports the b Variant as .a too.
http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=w32%2Fganda&product=0

Nothing Has Improved…the same email continues to arrive every day and is detected by Avast and deleted by me.

I went to your page about these worms, but really do not understand if this Ganda B could have infected my PC or is it just the nuisance Emails (never opened) that are just a nuisance, but doing no more harm. I did a search for the "scandisk.exe file…but the screen told me it was not a valid file name…

Please advise what else I should do…is this little ******* residing in my PC, or does he just arrive with emails and is therefore deletable with no harm done?

You can see I am a really simple person…no technical knowledge at all…so please tell me in simple terms if there is anything else to do.

That means that you are not infected but recieve only infected Emails. So that is no problem, if you do not open it.
So you are right just delete them.

:smiley:

Well as Shakespeare once said “For that relief, much thanks”

Cheers

Gingerlily

Btw, you can use our Virus Cleaner to check for Ganda (and heal the infected files, if there are any), too.