[1000programacion] remove eliminar worm 'gaobot'

• From: "tardo@xxxxxx " <tardo@xxxxxx>
• To: "1000programacion@xxxxxxxxxxxxx" <1000programacion@xxxxxxxxxxxxx>
• Date: Wed, 06 Oct 2004 19:37:27 +0100

Removing the GAOBOT Worm
Note: You must have administrative rights to run this tool on 
Windows NT/2000/XP.

The first step to removing GAOBOT from your computer is to 
download FxGaobot.exe 
(http://www.columbia.edu/acis/capture/novargfiles/FxGaobot.ex
e) and run it on your computer. 

Below are a summary of the instructions provided by Symantec 
for running the tool:

Save the file to a convenient location, such as your downloads 
folder or the Windows Desktop (or removable media that is 
known to be uninfected, if possible ).

Close all the running programs before running the tool. 

If you are running Windows XP, then disable System Restore. To 
do so, go to "Start", and select "Settings" and "Control Panels". 
Open the "System" control panel and click on the "System 
Restore" tab in the "System Properties" window that appears on 
your screen. Check the box "Turn off System Restore on all 
drives" and click "OK".
CAUTION: If you are running Windows XP, we strongly 
recommend that you do not skip this step. The removal 
procedure may be unsuccessful if Windows XP Sys tem Restore 
is not disabled, because Windows prevents outside programs 
from modi fying System Restore. 


Double-click the FxGaobot.exe file to start the removal tool. 
Click Start to begin the process, and then allow the tool to run.

Restart the computer. 

Run the removal tool again to ensure that the system is clean. 

If you are running Windows XP, then re-enable System Restore. 

If you are using Active Desktop, you may need to restore it. 
Important Note: If, when running the tool, you see a message 
that the tool was not able to remove one or more files, run the 
tool in Safe mode. Shut down the computer, turn off the power, 
and wait 30 seconds. Restart the computer in Safe mode and 
run the tool again. All the Windows 32-bit operating systems, 
except Windows NT, can be restarted in Safe mode. For 
instructions on restarting the computer in Safe mode, follow the 
link to the Windows Safe Mode Page 
(http://www.columbia.edu/acis/security/howto/remove/safemod
e.html) . 

Once you have completed the process and verified that your 
system is clean, please contact the AcIS Computer Support 
Center at x4-1919, and give the technician either the Ticket 
number or the MAC Address displayed on the previous page in 
order to receive the most prompt restoral of your Internet 
connection. 

IMPORTANT NOTE: Running the removal tool is not 100% 
guaranteed to remove all of the malicious software from your 
computer. If your machine becomes quarantined again after this 
problem is resolved, you will be required to reform at the 
machine and rebuilt it from scratch. There will be no exceptions 
to this policy, as it is necessary to protect the computers 
running on the Columbia University network. Thank you for your 
understanding.

Acis Security Response Team

-------------------
Informacion sacada de 
http://www.columbia.edu/acis/security/howto/remove/gaobot.ht
ml
 

Other related posts:

• » [1000programacion] remove eliminar worm 'gaobot'

1. Home
2. 1000programacion
3. Archive
4. 10-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---