Virus W32.Gaobot.SN - any information?

[Mjc]

For the past three or four days, every time I connect to the Internet, My Norton Virus checker tells me that it has detected - and deleted - the above virus. It advises that there are two files:- k2[1}]txt and ab62f1.exe

I have tried disabling AntiVirus and looking for these files, but they do not appear to exist.

Questions

1. What does this virus do?

2. Why can't I find the files?

3. Why does AntiVirus report them at every connection to the Internet?

Many thanks in advance.

[ChezShells]

If using XP the files may be stored where the restore files are, switch off restore (right click my computer icon and properties, in there somewhere) then run virus checker and switch restore back on, the fies should be deleted., although there can be refs in the registry to the virus, but getting rid of the exe files should be ok.
What you could do is open the registry editor (be carefull) click start and run then type regedit and do a search for the exe files and delete any lines refering to them.

The virus sends info via internet connection which is why the virus checker reports it.

more info http://www.sophos.com/virusinfo/analyses/trojdloadernr.html tells you what to look for to delete

Let us know how you get on

[Mjc]

Thanks for the information.

Unfortunately, I have not been successful in folowing your instructions.  Firstly, I could not find a reference to RESTORE under PROPERTIES of My Computer, so I skipped that part.

Then I could not find the/a list of files after running REGEDIT to enable me to find and delete the two offending files.

However, after looking at the web page you quoted, I do now know what this particular worm is trying to do.

Strangely, the last two times I have connected to the Internet, Norton AntiVirus has not reported this worm again, and a search for the two files has revealed nothing. Has the virus gone away somehow, I wonder?

Anyway, many thanks for trying to help me. It's probably my lack of software understanding that prevented me following your suggestions.

Cheers!

[derf]

To find system restore: First click on "START" bottom left hand corner of your screen, then click on "Programs", then "Accessories", then on "System Tools", then "System Restore"

[Mjc]

Thanks Les - or may I call ou Derf?

System Restore. If I do as you say, will it restore my system from the original XP CD, and if so, will all upgrades since be lost? Or is it just a simple(?) tidying up exercise which will not require any intervention nor muck anything up?

The virus has re-appeared and is not being picked up by NortonAntiVirus every time, so I have to do a SEARCH for the offending files on a periodic basis and then delete them.

 

[Eslier]

Firstly, have faith in Norton. It provides very good protection providing you keep your subscription up to date and have it set to automatically download updates.

If Norton says it has detected and DELETED the files then it has so it's no surprise that you can't find them.

As this problem only occurs when you connect to the internet it is quite likely that you have aquired some adware/malware which is automatically seeking to download the virus each time you log on to the internet, and each time it tries, Norton detects and deletes it. Norton Anti-Virus doesn't always pick up adware/spyware/malware so you will need to search this out with a special program designed to find it and delete it. One of the best available is Ad-Aware-SE which you can download free at:

http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Download it, install it and then run it as per the instructions. You may be horified to find out just how many of these nasty little things you have in your system. I recently cleaned up my son's computer (also running Norton Anti-Virus) and managed to find and delete 251 items !

Once you have deleted all the nasties this should solve your problem. You should then ensure that your computer is protected by a good firewall. If you already have Norton Anti-Virus then you should really invest in Norton Firewall to make sure there is no clash between them.

Good luck - let us know how you get on.