virus rewrites hosts file?

[Emmett]

I have Norton antivirus on XP Pro. I pretty well keep
everything up to date, but- got something. Computer was
locking up (screen freeze)and performing poorly. Coudn't
get through to updates or antivirus sites. Was able to
run scan on web with Trend - W32.Gaobot found &
Repaired?. Still could not get updates or view any web
sites (other than main page) about antivirus. I did some
checking on my machine and found the hosts file
(c:\windows\system32\drivers\etc\hosts) and saw a list of
sites that was the same as sites I could not access
(relative to anti-virus). I renamed the the hosts file
and created a new one with the list deleted. I was able
to run updates and get to all the norton sites, etc.
I ran a full scan and got the following report(s);

bot[1].exe W32.Gaobot.AFJ (backup copy of repaired
file)

Document.scr W32.Beagle.X@mm (backup copy of repaired
file)

soundtaskmgr W32.Goabot.AFJ (backup copy of repaired
file)

System is runnin stable, things seem to be ok, but-
Whenever I run Norton update (each day) I have to open up
the hosts file and delete the list of blocked sites - the
file keeps getting rewritten.
So it seems I still have something on the machine
rewriting th hosts file. I can't find any information at
norton (or anywhere else) on how to repair this.

Any ideas anyone?

PS. While working on my machine during the main problem I
looked over start up items (msconfig) and can't figure
out what this is-
1 1 SOFTWARE\Micosoft\Windows\CurrentVersion\Run
I have the item unchecked. Would it be safe to delete
this key and does it have anything to do with above
problem?

THANKS to all those who spend their time helping out on
these newsgroups!!!!!!!!

 

[Carey Frisch [MVP]]

Please visit the Virus Removal newsgroup experts:
news://msnews.microsoft.com/microsoft.public.security.virus

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------


|I have Norton antivirus on XP Pro. I pretty well keep
| everything up to date, but- got something. Computer was
| locking up (screen freeze)and performing poorly. Coudn't
| get through to updates or antivirus sites. Was able to
| run scan on web with Trend - W32.Gaobot found &
| Repaired?. Still could not get updates or view any web
| sites (other than main page) about antivirus. I did some
| checking on my machine and found the hosts file
| (c:\windows\system32\drivers\etc\hosts) and saw a list of
| sites that was the same as sites I could not access
| (relative to anti-virus). I renamed the the hosts file
| and created a new one with the list deleted. I was able
| to run updates and get to all the norton sites, etc.
| I ran a full scan and got the following report(s);
|
| bot[1].exe W32.Gaobot.AFJ (backup copy of repaired
| file)
|
| Document.scr W32.Beagle.X@mm (backup copy of repaired
| file)
|
| soundtaskmgr W32.Goabot.AFJ (backup copy of repaired
| file)
|
| System is runnin stable, things seem to be ok, but-
| Whenever I run Norton update (each day) I have to open up
| the hosts file and delete the list of blocked sites - the
| file keeps getting rewritten.
| So it seems I still have something on the machine
| rewriting th hosts file. I can't find any information at
| norton (or anywhere else) on how to repair this.
|
| Any ideas anyone?
|
| PS. While working on my machine during the main problem I
| looked over start up items (msconfig) and can't figure
| out what this is-
| 1 1 SOFTWARE\Micosoft\Windows\CurrentVersion\Run
| I have the item unchecked. Would it be safe to delete
| this key and does it have anything to do with above
| problem?
|
| THANKS to all those who spend their time helping out on
| these newsgroups!!!!!!!!