GAOBOT ENG VIRUS

  old-timer 12:08 19 Jan 04
Locked

My sister-in law has a Packard Bell computer, running XP, which has been infected by the Gaobot Eng virus. This virus was discovered whilst running NAV online. The effects of the virus are two files in System32, and a registry entry.

As she didn't have a virus program, I persuaded her to get Norton 2004. While installing and doing the virus scan, no viruses were found.(Obviously the virus was not around when the AV disk was cut). We have loaded all the updates from Symantec, but cannot run the AV.

It appears one of the characteristics of the virus, is to prevent Anti-virus software running on the machine. It also prevents REGEDIT from running.

Upon looking at the Symantec site, a solution to the virus is given, however this involves running REGEDIT, which cannot be run. I have tried to delete the two files, but the system says cannot be deleted. I also tried to rename them, but now two copies of the files exist, the original and the renamed version.

There is no XP disk, as the software is held in an hidden partition on the hard disk. Attemting to restore XP, the floppy disk for booting would not work.

My problem is how to remove the Virus.

Any help would be appreciated.

  Â ÑÌÇKÑÂMË 12:15 19 Jan 04

Have you tried turning system restore off then running the Regedit in safe mode.


Regards.

  Jester2K 12:16 19 Jan 04

Reboot, when the PC beeps on start up start tapping F8. When the menu appears select Safe Mode. Run NAV in Safe Mode.

  johnnyrocker 12:20 19 Jan 04

generally with xp these are hidden in system restore files, i suspect your problem was due to trying to install norton on an infected machine sugeest disable system restore and get on line scan click here might also be worthwhile uninstalling norton prior to this. then installing afresh.(unless someone else knows different)!!;)

johnny.

  old-timer 12:23 19 Jan 04

Jester2k/A Nickname

I have tried to run NAV in safe mode, bit it will not run. I cannot remember the exact message, and am not based at the computer, so I cannot try.

I have tried running with System restore off..No joy.

  Jester2K 12:31 19 Jan 04

We will need that message and then EXACT name of the virus it picked up then please.

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

20 groundbreaking 3D animation techniques

How to mine Bitcoin on Mac