I have 1 virus I think, either that or it is 2 with the same file name.
AVG picks the virus up as Worm/Agobot.6.AX
Norton picks it up as W.32 Gaobot.gen
Is it the same virus? Both of them have been picked up on:
C:\Documents and Settings\All Users\Documents\wmpupdate.exe
I have tried the Gaobot removal tool from Norton and it doesn't work, even in safe mode. Not too happy because I formatted my computer about 3 weeks ago because of this virus (the Gaobot) and now it has returned. I am using Windows XP Professional and have a half full 40gig hard drive which has coursework on it (it is backed up) and it needs to be done as soon as possible! At the moment I can barely work my way around without the annoying popups from Norton and AVG telling me I have a virus.
please help!
Chris

Do you have a firewall enabled?
Even XP's will do. It will help you.
I had a similar problem on a client machine a couple of weeks ago...took some serious hunting through the registry to track down and kill the offending bug.
The manual removal instructions in this article were a handy guide in helping me hunt down and kill said worm manually. W32.HLLW.Gaobot.gen
In my case, NAV did not detect it, the Symantec removal tool did not remove it, and Stinger would only clear out the hosts file modification. But all the signs and symptoms of Gaobot.gen were there.
Working "creatively" with the manual removal instructions in the article, I was able to kill it.
Remember the offending file (wmpupdate.exe) when working through the manual removal.
I bet you will also see it in MSCONFIG. If you do not have a firewall enabled, random exe's may be appearing in C:\. Also, you will probably not be able to visit many security sites (a hosts file modification caused by the worm blocks them).
Manual removals can be tough and require a bit of creative thinking. Give it a try and ask for more help if you need it. I could ramble on forever, but that's what the link to the article is for.
Give it a try. It will be irritating, but you can fix it.
Good luck. Post for more help if you need it.
AOSCLAY
Monkies Can't Do This

In addition to AOSCLAY's excellent advice, check out my response in the thread at the link below. You must stop the process on the wmpupdate.exe file in Task Manager (Ctrl/Alt/Del), then download the patch from Microsoft, then follow the instructions and you will be able to get rid of it. I had it last week and it drove me nuts till I finally got rid of it.
http://www.computing.net/security/wwwboard/forum/11688.html
Tufenuf

hey TUFENUF,
Thread tag! You're it!
if we keep bouncing off each other like this, we just might fix something between the two of us.
LOL.
Thanks for the assist bud. I knew I left something out. That's what happens when I hurry. Fingers type, but brain falls behind. (too many variants...) LOL
I'll check back later.
AOSCLAY
Monkies Can't Do This

Refer to this post for my last message :@
http://www.computing.net/security/wwwboard/forum/11688.html
And no, it's still there, thanks for attempting to help though.

The GAOBOT virus appends all anti virus related websites such as symantec.com! So what you need to do is this!!
Open Start > Search
In the search field type "hosts". Be sure the function only scans your C drive! When a file called HOSTS appears, open it! Choose Notepad to open it, but make sure to uncheck the option to open this file with the Notepad extension in the future! When it opens, scroll down and you will see a listing of sites that will be appended. Delete all of them except for the localhost entry *127.0.0.1 localhost*; this must stay unchanged.
Now you can search symantec.com or other anti virus sites to find a fixtool or something like that!!
Let's go get nice and rough

An important note:
Not ALL variants of Gaobot modify the hosts file in this way. A specific few do. Until the worm is removed (and no longer running at startup) this modification to the hosts file will keep coming back and you'll be back in the same boat.
Remember, until Gaobot is terminated, your hosts file modification will return after you reboot.
So, if you fix your hosts file manually in an attempt to get access to security sites, get on and get what you need before you reboot or you will have to do it all over again.
AOSCLAY
Monkies Can't Do This
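
The hosts file cleanup described in the two posts above, as an added example that is not part of the original thread: a small Python audit that lists the names a hosts file blocks and produces a cleaned copy that keeps the localhost entry. It assumes the injected entries point at a loopback or all-zero address; the sample file contents and the name av-vendor.example are constructed for illustration.

```python
import ipaddress

# Constructed sample of a hosts file after the modification the thread describes.
# On Windows XP the real file is %SystemRoot%\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       symantec.com   securityresponse.symantec.com
0.0.0.0         av-vendor.example   # constructed name
192.168.1.10    fileserver
"""

KEEP_NAMES = {"localhost"}  # the one entry the thread says must stay unchanged


def is_sinkhole(addr):
    """True for addresses that make a name unreachable (127.x.x.x, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP address at all: leave the line alone
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return (cleaned_text, removed_names) for the contents of a hosts file."""
    kept, removed = [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            kept.append(line)  # comments, blanks and ordinary mappings are untouched
            continue
        bad = [n for n in fields[1:] if n.lower() not in KEEP_NAMES]
        if not bad:
            kept.append(line)  # plain "127.0.0.1 localhost" stays exactly as written
            continue
        removed.extend(bad)
        good = [n for n in fields[1:] if n.lower() in KEEP_NAMES]
        if good:  # a mixed line keeps only the localhost name
            kept.append(fields[0] + "\t" + " ".join(good))
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    cleaned, removed = audit_hosts(SAMPLE_HOSTS)
    print("Blocked names removed:", ", ".join(removed))
    print(cleaned, end="")
```

If the same names show up again when the audit is run after a reboot, the worm is still starting with Windows, which is the situation AOSCLAY's note describes.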


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.