virus w32.HLLW.Gaobot.FL

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have found this on my computer- unable to remove it with Panda or Symantec. Followed directions for manual removal, but unable to find the files that should have been there with the virus. It won't let me load antivirus software. Any suggestions?
 
1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode
3) Using your AV software, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP, re-enable System Restore, reboot the PC
6) If you are using WinME or WinXP, create a new Restore point
7) Please report back your results

Dave



| I have found this on my computer- unable to remove it with Panda or Symantec. Followed
directions for manual removal, but unable to find the files that should have been there
with the virus. It won't let me load antivirus software. Any suggestions?
 
Dave- I have win2000Pro. When I try this in safe mode, I get a message that says win installer will not work in safe mode, so I am unable to to install my AV software. I think my best bet will be to reformat and do a clean install of win2000, all my programs, AV SOFTWARE and FIREWALL!!! I think I caused my own problems by being careless..... Do you agree? Thanks, Leslie

----- David H. Lipman wrote: -----

1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode
3) Using your AV software, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP, re-enable System Restore, reboot the PC
6) If you are using WinME or WinXP, create a new Restore point
7) Please report back your results

Dave



| I have found this on my computer- unable to remove it with Panda or Symantec. Followed
directions for manual removal, but unable to find the files that should have been there
with the virus. It won't let me load antivirus software. Any suggestions?
 
Dave-
I was able to go to the debugging mode at start of Win2000, and this let me put my AV software back on. However, it still leaves me with the problem that even after doing online scans with both the symantec and panda software, they both identified the virus but were unable to delete it. I am doing my own scan with the software now, but I fear that it will not even see the virus. I have checked several sites online to see if this specific virus has a fix, but so far there is no notice of this virus posted, thus no fix. Should I still format and reinstall all programs? This is not a computer I keep at home, it has to have dial-up access.....
Thanks, Leslie
 
Dave-
My AV software found the virus and quarantined it. Two files were infected: winhlpp32.exe and winudptr.exe.poly - both with S32.HLLW.Gaobot.gen. An online scan had called it W32.HLLW.Gaobot.FL. Now my question is: is quarantine enough to protect my computer from being affected by this? Or should I still format and do clean install to be sure.

Thanks
Leslie
 
Eric
I have tried following the directions that Kevin Ha gave. I did not find any of the files that he had listed to look for from the virus. I was able to install my AV software, and did a full scan. It found the virus again, but was able to fix two of the infected files. I quarentined the other two, then when asked if I wanted to submit them to Symantec, I did. By the way, would you happen to know what it means when the AV software asks if I want to "strip the files" and send them to Symantec? I said no, and submitted them. I guess my main question is: have I taken care of the problem? I still plan to go to the patch site and block further access along with installing a firewall
Thanks - Leslie
 
I don't know what Kevin Ha has been suggesting (all of your posts refer to "Dave") but it sounds like you're following a procedure for a newly found virus/worm. Symantec doesn't need your files since it has already identified the virus/worm, issued an updated file definition, and written a removal procedure.

You shouldn't have to go through those steps of trial & error, simply follow the procedure already outlined by Symantec in the article that I previously referenced and you should be free of this problem. If not, then you have to get back to Symantec to identify a possible new variation of the identified virus/worm.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top