Things I have noticed since I 'obtained' this virus:
1. Disabled NAV - a red cross appeared over the icon in the system tray, therefore Auto-Protect is not running and can no longer be enabled.
2. I have a Windows desktop password. On reboot, the section just before your Windows user name comes up prompting for a password, where a box says (something like) 'Windows now loading'; it used to blink past that and prompt me for my password, but now it hangs there for around 30 seconds.
3. When I right-click on 'My Computer' it no longer shows my CPU and its MHz under where the memory amount is shown.
4. When I attempt to open "System Information" in Accessories I get a message saying "Cannot access Windows Management Instrumentation software. Windows Management files may be moved or missing".
5. The system32 folder opens up on the desktop on reboot [seem to have resolved this by unchecking two items in msconfig named simply with two quotation marks -> "" ]
Have now reinstalled Norton, but it was troublesome. There were errors and freezes during installation, but on the 3rd attempt it is now reinstalled, updated and auto-protecting.
Measures I have taken since obtaining virus:
1. Ran fully updated scans with: Spybot, Ad-Aware SE, CWS Shredder, HouseCall at Trend Micro, NoAdware.net, Spyware Doctor, ewido security, latest McAfee AVERT Stinger, ran cleanup40 and the Panda online scan, SYSTEM RESTORE OFF [*SEE REPORT BELOW* - it has detected W32/Gaobot.FYG.worm and HackTool/Gendel.A], ran NAV2005, SYSTEM RESTORE OFF, no detections. NAV isn't detecting the C:\gendel32 file which Panda detected as a virus.
*Panda Online Scan Report*
Incident                   | Status         | Location
Adware:Adware/SaveNow      | No disinfected | Windows Registry
Adware:Adware/Lop          | No disinfected | C:\Documents and Settings\All Users\Application Data\dupe fork bags wipe\readmeaxis.exe
Adware:Adware/Lop          | No disinfected | C:\Documents and Settings\All Users\Application Data\dupe fork bags wipe\stupidpart.exe
Virus:W32/Gaobot.FYG.worm  | Disinfected    | C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\default.eog\Cache\2DC2D7B7d01
Virus:HackTool/Gendel.A    | No disinfected | C:\gendel32.exe
I have deleted the "C:\Documents and Settings\All Users\Application Data\dupe fork bags wipe" folder, which contained the two files readmeaxis.exe and stupidpart.exe, and the C:\gendel32.exe file, but have not attempted to do anything with that SaveNow Windows Registry entry.
What would you like me to do next? (PS: I have HJT installed on my hard drive and not in the temp folder, ready to go.)
Thanks and a big HI! from New Zealand
*Edit: apart from the problems above still existing, I have noticed also that I am having trouble installing software. When I went to run O&O Defrag it said it would not run as the target machine actively refused it. I uninstalled it, which was pretty dodgy as it froze at a certain point, so I left it and came back about 15 mins later and it appeared to have uninstalled. On attempting to reinstall the program it would get so far and stop installing. I restarted and tried 3 to 4 times; it would get to the same point and stop installing, so I went and downloaded a newer version of the program, O&O Defrag 8. Same thing: it would get so far and stop installing, so I left it for half an hour and came back and there was a message saying Windows Installer had not completed the task. Its icon was on the desktop though, and when I ran it, it said what it did originally, that the target machine has actively refused it. Please help!!
Edited by brad3458, 10 May 2005 - 04:55 AM.