Page 2 of 2 FirstFirst 12
Results 21 to 24 of 24

Thread: Sasser Worm

  1. #21
    Senior Member
    Join Date
    May 2004
    newbie land

  2. #22


    I found trojan every 1 week in my game box on NT. Even though I dun browse net and the AV on NT cant even detect a thing. I found them when booting from the Linux and scan the partition there. My "server" a broken screen P166 notebook running Mandrake 8.2 and never shutdown for 2 yrs, unpatched never had a problem. Well, still need NT for games and that's why it's still there.

  3. #23
    Join Date
    Sep 2002


    Quote Originally Posted by Linkster
    for your Gaobot virus,

    Removal using the Removal Tool
    Symantec Security Response has developed a removal tool to clean the infections of W32.HLLW.Gaobot.ADX. This is the preferred method in most cases.

    Manual Removal
    Perform a manual removal if you cannot obtain the tool.

    The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

    1. Disable System Restore (Windows Me/XP).
    2. Restart the computer in Safe mode or VGA mode.
    3. Reverse the changes made to the registry.
    4. Update the virus definitions.
    5. Run a full system scan and delete all the files detected as W32.Gaobot.ADX.
    Ref to point 3 above,
    How do i reverse the changes to the registry??

  4. #24


    Quote Originally Posted by jherek
    Ref to point 3 above,
    How do i reverse the changes to the registry??

    To reverse the change made to the registry

    WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

    a. Click Start, and then click Run. (The Run dialog box appears.)
    Type regedit

    b. Then click OK. (The Registry Editor opens.)

    c. Navigate to the key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run

    d. In the right pane, delete the value:


    e. Exit the Registry Editor.

Page 2 of 2 FirstFirst 12


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts