Gaobot is driving me mad

I have all secutiry updates & Norton loaded but I have got GAOBOT.SN 
somewhere on my PC.  I think it is in the temp files biy when I try to delete 
it is says I don't have the authority or the file is in use by another 
programme.

I've run Norton & windoes scans but they can't find this virus.  I';ve tried 
in safe mode & still can't find it   ANy suggestions?  

From: "Kazhelpneeded" < XXXX@XXXXX.COM >

| I have all secutiry updates & Norton loaded but I have got GAOBOT.SN
| somewhere on my PC.  I think it is in the temp files biy when I try to delete
| it is says I don't have the authority or the file is in use by another
| programme.
|
| I've run Norton & windoes scans but they can't find this virus.  I';ve tried
| in safe mode & still can't find it   ANy suggestions?


Download MULTI_AV.EXE from the URL --
 http://www.**--****.com/ 

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
 http://www.**--****.com/  Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE.  It will
simplify the process of using;  Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove
viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * *     Please report back your results  * * *


-- 
Dave
 http://www.**--****.com/ 
 http://www.**--****.com/ 

I ran the sophos file in normal mode but I had to go out so don't know what 
it did.  Since re-booting I have not had any Norton or AVG virus 
notifications sayiong GAOBOT has been detected.  Am i safe to assume sophos 
deleted the virus automatically?

From: "kazhelpneeded" < XXXX@XXXXX.COM >


| I ran the sophos file in normal mode but I had to go out so don't know what
| it did.  Since re-booting I have not had any Norton or AVG virus
| notifications sayiong GAOBOT has been detected.  Am i safe to assume sophos
| deleted the virus automatically?

It should have created a scan report...

C:\AV-CLS\Sophos\ScanReport.txt

Please copy and paste the report into your reply.

-- 
Dave
 http://www.**--****.com/ 
 http://www.**--****.com/ 

This may be a new version of Gaobot:
 http://www.**--****.com/ 

Updated definitions are not available yet - not even via Intelligent 
Updater. From my past experience they'll probably get a new definition 
set sometime today. So keep an eye out on the Intelligent Updater site:
 http://www.**--****.com/ 

Lance
*****

Kazhelpneeded said the following on 8/21/2005 11:28 AM:

From: "kazhelpneeded" < XXXX@XXXXX.COM >

No sign of it found in the log.  Nothing else found either.

-- 
Dave
 http://www.**--****.com/ 
 http://www.**--****.com/