1 - 9 of 9 Posts

· Just visiting ^_^
Joined
·
8,325 Posts
Discussion Starter · #1 ·
Well it's a VERY LONG day for me today (and VERY FRUSTRATING TOO)... earlier this morning, our company was infected by W32.HLLW.Gaobot worm and it spread throughout ALL the departments! Now, it's the task of removing the damn virus but thing is, Norton can't remove the damn thing... I've tried downloading the Gaobot removal tool from Symantec but to no avail (well it did work on one PC but it didn't detect the Gaobot virus in other PCs)... seems like it hit the network pretty hard and now it's caused a lot of chaos...

So, I need help in solving this problem... would there be any other virus removal tool that you would recommend... some tips on how to neutralize the virus from the network and in the individual PCs... and other information you guys could help out in solving this virus...

btw, some of the log that it affect aresvchost.exe and winjava.exe although there are still a lot of other exe files that are affected...

It will be a LONG NIGHT later on since we're gonna troubleshoot EVERY damn PC in the company (just an estimate, that would be around 50++ PCs to be fixed) :cuss2:

Any help would be appreciated. Thanks.
 

· Registered
Joined
·
132 Posts
...., If it were me, I would just boot in safe mode and search for the virus name and the infected files, then delete them; of course I shred them using the McAfee thingy. Next, I just delete the registry startup entry of the virus program by using winxpmanager (startup manager). XD. After that, I restart. But I don't know if this method can work with your virus since I'm just a normal PC user with 1 computer. hahaha. BTW, I think you can reinstall Java back. This is because the infected files cannot be healed and must be deleted.
 

· Just visiting ^_^
Joined
·
8,325 Posts
Discussion Starter · #4 ·
well if you delete those exe files, won't it disrupt the system file or that exe file's function?

as for the safe mode, we'll be doing the maintenance check in a few hours... when all the employees are out of the office...
 

· Registered
Joined
·
132 Posts
I don't think the deleted exe will do any harm because all tools from antivirus companies are designed to delete the infected file anyway (did anyone complain about that? :) ). So, I recommend you test on two computers first and see whether the computers have network problems or not after deleting. Remember that you can always reinstall Java back. By the way, I have never seen 'aresvchost.exe' (did one of the company's workers see a porn site?)
 

· Just visiting ^_^
Joined
·
8,325 Posts
Discussion Starter · #6 ·
well so far so good... damn, it took us a lot of time to fix the damn worm... only a few more to go... thanks for the advice everyone...
 

· old-timer
Joined
·
1,342 Posts
I've spent all day today clearing up my computer from an attack (the first I've caught in years). I highly recommend Panda online antivirus engine. It found various things that AVG and Trend Micro missed.
 

· Just visiting ^_^
Joined
·
8,325 Posts
Discussion Starter · #9 ·
well it's already been resolved since last week... it's just so annoying so we had all the PCs run in safe mode and manually deleted those damn files... and did additional virus scans afterwards for whatever was missed... we also downloaded patches to prevent further attacks... although the cause of it was not known... maybe some foolish office staff did some surfing or pRon sites... geez... thanks again everyone
 