W32.Gaobot!inf
Geizhals » Forum » Security & Viruses » W32.Gaobot!inf (6 posts, read 1779 times)
Re(3): W32.Gaobot!inf
03.05.2004, 18:20:59
Hi!

Unfortunately, I'm not sure in which way this variant differs from the "original" Gaobot worm, but some basic steps are:

- checking the registry under
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
for unknown or suspicious entries

- look for files that are named similarly or identically to Windows system files but reside in directories other than the original ones (most system files are located under \Winnt\system32).
Some viruses also name themselves similarly to well-known anti-virus software components.

- if you're using Windows XP, use "netstat -a -o" in a cmd prompt to identify tasks that listen on TCP ports above 1023. Unknown tasks may be the virus.

- try using msconfig to find tasks that are being loaded through the registry on startup

If you are unable to start regedit and/or msconfig because they terminate immediately, rename the files from .exe to .com. They will still work, but the worm won't recognize them.
regedit.exe can be found in \Winnt, msconfig.exe in \Winnt\PCHEALTH\HELPCTR\Binaries

It's also a good idea to do an online virus scan like http://housecall.trendmicro.com/

Remember to disable the system restore "feature" in Windows XP prior to these steps as Windows will restore the infected files, making all your efforts useless.
Also, disconnect your network cable/modem from your PC while performing the cleanup and enable the Internet Connection Firewall (or use another personal firewall) afterwards.

PS: Nice to see english speaking participants here, too!

hope that helps,

greetz

glockman B-)

- I'm a geek and I stand by it -
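A small triage script for the manual checks described in the post above (TCP listeners on ports above 1023 from `netstat -a -o`, and Run/RunServices entries that borrow a system file name but live outside \system32). This is an added example, not code from the original post or the forum thread. The netstat output and the registry values below are constructed for the example; the set of system file names it checks and the expected system32 locations are assumptions of the example, not taken from the post. On a real machine you would paste in the output of `netstat -a -o` and the values of the two Run keys (e.g. from `reg query`).

```python
"""Triage helper for the Gaobot cleanup steps: flag high listening TCP ports
and autostart entries that imitate Windows system files.

Added example; sample data is constructed, not captured from a real infection.
"""
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample in the format `netstat -a -o` prints on Windows XP.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       860
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       1672
  TCP    192.168.0.5:1054       192.168.0.1:139        ESTABLISHED     1044
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of value name -> command for the Run / RunServices keys.
SAMPLE_RUN = {
    "Synchronization Manager": "mobsync.exe /logon",
    "NvCplDaemon": "RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup",
    "Config Loader": "\"C:\\WINNT\\system32\\lsass.exe\"",
    "Windows Update": "C:\\WINNT\\svchost.exe",   # system name, wrong directory
    "System Service": "svchost.exe",              # bare name, no directory at all
}

# Assumption of the example: names of system32 residents that worms like to
# reuse, and the directories where the real ones live.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "csrss.exe"}
SYSTEM_DIRS = {"c:\\winnt\\system32", "c:\\windows\\system32"}

# Matches TCP rows of `netstat -a -o`: proto, local addr:port, foreign, state, pid.
NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s+(\d+)\s*$")


def listening_high_ports(netstat_output: str) -> List[Tuple[int, int]]:
    """Return (port, pid) for every TCP socket in LISTENING state on a port > 1023."""
    hits = []
    for line in netstat_output.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue  # header, blank or UDP row
        port, state, pid = int(m.group(2)), m.group(3), int(m.group(4))
        if state.upper() == "LISTENING" and port > 1023:
            hits.append((port, pid))
    return hits


def _image_path(command: str) -> str:
    """Extract the executable path from a Run-key command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def suspicious_autostarts(entries: Dict[str, str]) -> List[str]:
    """Return value names whose executable is named like a system32 file but
    is not located in a system32 directory (a bare file name counts as such)."""
    flagged = []
    for name, command in entries.items():
        path = _image_path(command)
        base = ntpath.basename(path).lower()
        directory = ntpath.normcase(ntpath.dirname(path))  # lowercase, backslashes
        if base in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
            flagged.append(name)
    return flagged


def main() -> None:
    for port, pid in listening_high_ports(SAMPLE_NETSTAT):
        print(f"listening on TCP {port}, PID {pid}: check this process in Task Manager")
    for name in suspicious_autostarts(SAMPLE_RUN):
        print(f"suspicious autostart entry: {name!r} -> {SAMPLE_RUN[name]}")


if __name__ == "__main__":
    main()
```

The PIDs reported by `listening_high_ports` are what you look up in Task Manager (or `tasklist` on XP) to see which image is bound to the port; the autostart check only tells you where to look next, since a legitimate third-party entry can also use a bare file name.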
