Re: a new virus??

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/10/04 

Date: Sun, 10 Oct 2004 08:32:38 -0400

Norman must have properly disposed of the indicated infector -- That's good !

The reason that Safe Mode is suggested is that it loads a limited version of the Operating
System and will not load most infectors and/or parasites and thus scanning in Safe Mode
increases the efficacy of the removal process.

Dave

"anja" <anja@discussions.microsoft.com> wrote in message
news:E6542CB4-F0EC-4785-B5F5-F4405B41CC13@microsoft.com...
| hi dave and lanwench!!
| i did what dave suggested me to do. i went to trendmicro pages and
| downloaded those files and did twice the cleaning. no viruses were found. why
| this?? is it because of norman put that virus into guarantine?? what is a
| difference between a safe mode and a common mode which is in use??
|
| lanwench, i have a personal firewall, but unfortunately backups are
| something i don't do. maybe after this i should.....
| thank you everybody for all your help i got. THANKS
|
| "Lanwench [MVP - Exchange]" wrote:
|
| > Try getting a second opinion at http://housecall.antivirus.com
| > Do you do regular backups of your data? You should...as well as keeping your
| > OS patched via Windows Update and using a good firewall.
| >
| > anja wrote:
| > > hi dave and cris!
| > > i already did what cris told me to do. i ran antivirus program in
| > > safe mode and it could not find any viruses. what does this mean??
| > > dave, your advices are so complicated that i have to try it later.
| > > i'm not very convinient to do this kind of "programming". i will
| > > inform you after trying :-). i'm afraid of that my computer will be
| > > out of the game. thank you once more.
| > > anja
| > >
| > > "David H. Lipman" wrote:
| > >
| > >> Anja, please post your results.
| > >>
| > >> Dave
| > >>
| > >>
| > >>
| > >>
| > >> "anja" <anja@discussions.microsoft.com> wrote in message
| > >> news:EC385421-D7C9-4745-9851-0D1AE0AF7BD3@microsoft.com...
| > >>> thank you so much both of you cris and dave.
| > >>> cris, i also checked this new virus from net and it seems to be so
| > >>> that any of available antivirus programs don't know this type of
| > >>> gaobot. i found that there are severe other gaobot viruses, but not
| > >>> this one. i will try to clean my computer according dave's advices.
| > >>> thank you once more cris and dave.
| > >>>
| > >>>
| > >>> "David H. Lipman" wrote:
| > >>>
| > >>>> 1) Download the following two items...
| > >>>>
| > >>>> Trend Sysclean Package
| > >>>> http://www.trendmicro.com/download/dcs.asp
| > >>>>
| > >>>> Latest Trend signature files.
| > >>>> http://www.trendmicro.com/download/pattern.asp
| > >>>>
| > >>>> Create a directory.
| > >>>> On drive "C:\"
| > >>>> (e.g., "c:\New Folder")
| > >>>> or the desktop
| > >>>> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| > >>>>
| > >>>> Download sysclean.com and place it in that directory.
| > >>>> Dowload the signature files (pattern files) by obtaining the ZIP
| > >>>> file.
| > >>>> For example; lpt192.zip
| > >>>>
| > >>>> Extract the contents of the ZIP file and place the contents in the
| > >>>> same directory as sysclean.com.
| > >>>>
| > >>>> 2) If you are using WinME or WinXP, disable System Restore
| > >>>>
| > >>>> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm 3)
| > >>>> Reboot your PC into Safe Mode 4) Using the Trend Sysclean
| > >>>> utility, perform a Full Scan of your platform and
| > >>>> clean/delete any infectors found 5) Restart your PC and
| > >>>> perform a "final" Full Scan of your platform 6) If you are
| > >>>> using WinME or WinXP,Re-enable System Restore and
| > >>>> re-apply any System Restore preferences, (e.g. HD space to use
| > >>>> suggested 400 ~ 600MB), 7) Reboot your PC. 8) If you are
| > >>>> using WinME or WinXP, create a new Restore point 9) Please
| > >>>> report back your results
| > >>>>
| > >>>> Dave
| > >>>>
| > >>>>
| > >>>>
| > >>>>
| > >>>> "anja" <anja@discussions.microsoft.com> wrote in message
| > >>>> news:42D21C26-9967-4C9F-9660-2E78EF3AEE7A@microsoft.com...
| > >>>>> hi everybody!
| > >>>>> could someone help me? i have norman virus program and firewall,
| > >>>>> but it found a new virus and cannot remove it. the new virus is:
| > >>>>> W32/gaobot.AED. please, help me. i'm in a panic and don't know
| > >>>>> what to do. does someone else this same problem?
| > >>>>> thank you forward.
| > >>>>> anja
| >
| >
| >

Relevant Pages

  • Re: a new virus??
    ... i did what dave suggested me to do. ... >> i already did what cris told me to do. ... >> safe mode and it could not find any viruses. ...
    (microsoft.public.security.virus)
  • Re: Bunch of old farts.
    ... ' There was Cris, ... together in a carriage in a train going through Tasmania. ... When the train came out of the tunnel, Sandy and Dave were sitting as ...
    (rec.skydiving)
  • Re: Is this Smitfraud?
    ... Thanks Dave. ... I thought that might be the solution but the email sending made ... > It is suggested that you execute each tool in Normal Mode then in Safe Mode. ... > you are are strongly urged to remove any/all versions that are prior to JRE ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Virus that causes a lot of traffic ?
    ... Thank you very much for the offer to email you, Dave. ... They decided for now not to use this 1 machine that has the most viruses (. ... my plan was to follow your suggestion to boot in safe mode and run ... > | Restore and re-apply any ...
    (microsoft.public.win2000.general)
  • Re: took lightning hit - server 2003 bootup errors
    ... driver irql errors like that can be from damaged memory, device controllers, etc. if you got into safe mode copy off whatever you can get to backup media and hope that its intact, then restore to a new box... ... I was able to get it into Safe Mode, ... I had help installing the operating system and till now it's worked perfectly. ... I agree with Dave, though. ...
    (microsoft.public.windows.server.setup)