Hello!
I have a strange problem with a virus.
Norton detects this file "C:\Documents and Settings\All Users\Dokument\sysconf.exe"
and claims it's infected with W32.HLLW.Gaobot.gen.
First I visited Symantec's homepage to get some info and tips on how to get rid of it.
I did everything they suggested (removal tool, manual removal, patches etc.).
But it doesn't find anything and when I try to put the file in quarantine manually a new file appears.
I have tried every online virus scanner out there, but they claim I'm not infected.
When I check the registry I can't see anything similar to sysconf.exe either.
I'm pretty stuck now, I don't know what to do next.
Any help or input would be much appreciated!

Follow all instructions at the link below for your version of Windows including downloading & installing the patches. Pay special attention to the Hosts file instructions. I went thru this horror show last week and finally got rid of it.
Note: "WORM_AGOBOT.ER" is Trend Micro's name for the "W32.HLLW.GAOBOT.GEN" worm which is Norton's name for it.
HTH,
Tufenuf

Tufenuf said:
"I went thru this horror show last week and finally got rid of it."
amen, bro
Had similar problem on a client machine a couple of weeks ago. Took me hours to put together a fix. (similar problem, different variant). Had to play with the removal instructions to get it to work.
My successful fix fell somewhere between the article you linked them to and Symantec's article on the subject. I provide the link here only for more info. Tufenuf's linked article is good. (wish I'd seen that last week) :)
It's a pain in the butt (thanks to all the variants), and not fixed by most tools, but it can be manually fixed in a jiffy once you get your ducks in line.
hey mr_x1988,
I read your other post...you have a slightly different variant I believe. But I already got into that with you if you saw it.
Hey, Tufenuf...
Glad yours is cleaned up (wasn't much fun was it?)
You gotta love this stuff guys
AOSCLAY
Monkies Can't Do This

aosclay, Yes, that worm disabled my Norton AV real time & e-mail scanning, blocked all Antivirus sites including AV Repair Tool sites, etc. The name of the file it created was "msawindows.exe". I finally stopped that process in Task Manager, downloaded the patch from Microsoft and installed it, then cleaned up the hosts (no extension) file in my C:\WINNT\System32\drivers\etc folder, then did a regedit and got rid of 2 references to that virus file, then deleted the "msawindows.exe" file to finally get rid of it for good.
Tufenuf

Well, I have been through all that already.
My hosts file is ok as it is, I have no entries in the registry or any processes similar to the alleged virus file "sysconf.exe".
And all scans say I'm clean, but still the file keeps returning and Norton detects it as a virus.

Zachtje, when you opened your hosts file in Notepad, did you maximize the Notepad window? The first time I went and did this I didn't maximize the window, and all of the blocked sites were farther down, below the "127.0.0.1 localhost" line.
Here's what a proper Windows XP hosts file should look like.
____________________________________________
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
____________________________________________
Also make sure that you download & install the patches from Microsoft. The patch links are referenced at the Symantec link below.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.gen.html
Tufenuf

hey Zachtje
your file "sysconf.exe" that Norton keeps choking on was not found in the registry?
hmmm...
have you attempted to delete it from the location Norton says it is in? Here are two glaring symptoms for the worm Norton says it is detecting:
Attempts to disable Anti-Virus software (your Norton Auto-Protect will not run)
Modifies hosts file to block security sites
(you cannot reach symantec, trendmicro, sophos, kaspersky, etc. Because of this you cannot run LiveUpdate.) You get the idea. Not all variants modify the hosts file. Are you having ANY symptoms (other than a file being detected)?
Look in the Startup tab in MSCONFIG. If it is running at startup you will see it. It's not that stealthy.
Here's one to throw you... my variant created an infected file named svchost.exe, just to be confusing. Kind of hard to spot it amongst all the other svchost.exe's running around... except this one was visible in startup... svchost.exe usually isn't.
If it's not running at startup, nor is it a running process, try to delete the file manually from its location... or quarantine it.
Take your pick and see what happens.
It's entirely possible that this is a false positive (though you don't really see many of those).
good luck!
AOSCLAY
Monkies Can't Do This

Zachtje, Did you turn off System Restore then restart your computer? Try doing that then run another virus scan in SAFE mode. If it comes up clean restart in Normal mode and turn on System Restore again.
Disabling or enabling Windows XP System Restore
Tufenuf

Sometimes even I forget to disable System Restore.... :(
and Zachtje,
I read back up to your original post...you have already tried a lot of this...sorry...I need a nap.
If it is Gaobot, and your file keeps coming back after you delete it or after you restart, look in the following registry locations for references to your infected file:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
If something strange isn't in these locations (not necessarily your file name) then I don't know what's running your worm.
Take a peek. If you don't know what you see there, ask for help.
now...nap time.
AOSCLAY
Monkies Can't Do This

oh, hey, Zachtje,
Does the file come back after you delete it with the same name...or a random one?
The machine that I killed Gaobot on the other day was stacking randomly named exe's up in C:\ until I turned on the firewall. But the offending svchost.exe remained consistent (until it was killed).
Just curious...That family of worms is very large and new variants come out frequently. You might be unlucky and are suffering from a new variant, or an obscure one. Stranger things have happened.
good luck (now it's nap time)
AOSCLAY
Monkies Can't Do This

sorry...forgot a registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Look in there too.
AOSCLAY
Monkies Can't Do This
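The posts above describe the same manual triage several times over: check the hosts file for appended entries that block security sites, look through the Run and RunServices keys and the Services key for an unfamiliar autostart entry, and watch for a lookalike process such as a fake svchost.exe running from the wrong folder. The script below is an added example that automates that checklist on a current Windows box; it is not code from anyone in this thread, nor from Symantec or Trend Micro. It assumes PowerShell 5 or later, and the list of vendor domains, the "trusted" path patterns for service binaries, and the set of system process names it checks are all this example's own choices.

```powershell
# Added triage example for the thread's manual checklist (not from any poster).
# Assumes PowerShell 5+. Vendor list and path heuristics are this example's choices.

# 1. Hosts file. Agobot/Gaobot variants append entries mapping AV vendor sites to
#    127.0.0.1 so updates and removal tools cannot be fetched. The entries usually
#    sit well below "127.0.0.1 localhost", which a non-maximised Notepad hides.
$hostsPath     = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$vendorPattern = 'symantec|norton|liveupdate|trendmicro|sophos|kaspersky|mcafee|f-secure|windowsupdate|microsoft'

Write-Host "== Suspicious entries in $hostsPath =="
Get-Content $hostsPath |
    ForEach-Object { ($_ -split '#')[0].Trim() } |           # strip comments
    Where-Object  { $_ -ne '' } |
    ForEach-Object {
        $parts = $_ -split '\s+'
        if ($parts.Count -lt 2) { return }                  # malformed line, skip
        [pscustomobject]@{ IP = $parts[0]; Hosts = ($parts[1..($parts.Count - 1)] -join ' ') }
    } |
    Where-Object {
        # a non-localhost name pinned to loopback, or any security vendor name at all
        ($_.IP -match '^127\.' -and $_.Hosts -notmatch '^(localhost|localhost\.localdomain)$') -or
        $_.Hosts -match $vendorPattern
    } | Format-Table -AutoSize

# 2. Autostart keys named in the thread. Every value is printed so an unfamiliar
#    name (sysconf.exe, msawindows.exe, a second svchost.exe) stands out.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',   # Win9x/Me key; absent on XP and later
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
Write-Host "== Run / RunServices entries =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ItemProperty $key |
        ForEach-Object { $_.PSObject.Properties } |
        Where-Object  { $_.Name -notmatch '^PS' } |          # drop PowerShell's own PS* properties
        ForEach-Object { '{0}  {1} = {2}' -f $key, $_.Name, $_.Value }
}

# 3. Services whose binary is outside the usual system locations.
#    The path pattern is a heuristic, so treat hits as "look at me", not "malware".
Write-Host "== Services with ImagePath outside System32 / Program Files =="
$trustedPath = '^\s*"?(\\\?\?\\)?(%SystemRoot%|\\SystemRoot|system32|C:\\Windows|C:\\WINNT|%ProgramFiles%|C:\\Program Files)'
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    ForEach-Object { Get-ItemProperty $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue } |
    Where-Object  { $_.ImagePath -and ($_.ImagePath -notmatch $trustedPath) } |
    Select-Object PSChildName, ImagePath |
    Format-Table -AutoSize

# 4. Lookalike processes: a genuine svchost.exe (or lsass, csrss, smss, spoolsv)
#    runs from System32. The same name anywhere else is the trick described above.
#    Path is empty for protected processes unless the shell is elevated.
Write-Host "== System-named processes running from the wrong directory =="
$system32 = Join-Path $env:SystemRoot 'System32'
Get-Process svchost, lsass, csrss, smss, spoolsv -ErrorAction SilentlyContinue |
    Where-Object  { $_.Path -and ($_.Path -notlike "$system32\*") } |
    Select-Object Name, Id, Path |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell so that process paths and every service key are readable. Nothing here deletes or quarantines anything: it only surfaces the entries the thread tells you to go and look at, which keeps it safe to run before you have decided what the offending file actually is.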

Right. Now I am getting a bit p***ed off with this. I've done everything you say; turned my PC on this morning and Norton picks it up, exactly the same file in the exact same place. I don't want to format this again because of reasons explained in my other post.

Hi folks,
I had the same problem with a client's computer.
The trojan disabled Norton and screwed up the quarantine file so that none of the files Norton picked up showed. The client's computer was so slow and sluggish. The Symantec Gaobot fix did not pick up all the variants, as there were so many variants of it. I did not want to stay there too long, so I uninstalled Norton and installed a copy of Hauri anti-virus.
In a nutshell, Hauri cleaned up everything and also repaired all the infected files.
all the best,
murve

When I delete or quarantine the infected file manually, a new, exactly identical file comes back in the same location.
I can't find any references to the infected file in the registry.
But just to point it out once and for all: only Norton detects this file as a virus.
Other online scanners I have tried say it's clean.
Nevertheless it can't be good to have a file act like that.
I have done exactly what Symantec suggests at least 10 times, including scanning in safe mode with System Restore off.
Maybe I should face the fact that I'm getting violated by someone and live with it.

murve said: "I uninstalled norton, and installed a copy of hauri anti-virus. in a nutshell, hauri cleaned up everything and also repaired all the infected files."
Just done that; it picked the file up straight away. Thanks, I think it's now gone :-)
However, my printer has just started printing random symbols as I type this message, and on the first bit of paper it says:
THIS PROGRAM CANNOT BE RUN IN DOS MODE
Any ideas now???

hey mr_x1988 and Zachtje,
That sounds similar to symptoms of Bugbear (Bugbear.B, I believe). Some variants of Bugbear will cause your printer to generate page after page of a few lines of random symbols. It won't stop until you power off the printer.
Then you have to clean up the infection...
There are lots of sources of info for this bug, so I will not post links... I'm sure you can find it if you are interested.
OF COURSE THERE IS AN EQUAL CHANCE THAT YOUR NEW PROBLEM IS NOT A VIRUS AT ALL, BUT SOME OTHER BUG OR GLITCH.
After all, you did just install new software. You could check tech support for Hauri and see if it's a known issue. (I am assuming you installed their product and this printer glitch began to happen.) That's why you set restore points.
On the subject of Gaobot (the worm that started this thread): if you guys haven't noticed in your reading, many new detection updates for that worm have been issued by the major security firms over the last few days. Hauri was one of them, twice it appears in the last two days.
THE MORAL OF THE STORY:
Do not rush to format your machines. If you cannot remove what's bugging you manually (this can be tough since many manual removal instructions are at best "non-specific") try and weather the storm.
New fixes come out everyday. Think of it like a ship at sea. Hunker down, shore up the ship and try and sail through the bad weather.
If you have a firewall...USE IT! If your operating system needs updates...DO THEM! If you have anti-virus software...UPDATE IT LIKE A LUNATIC! If your anti-virus software isn't working...TRY SOMETHING DIFFERENT! If you can't find and fix the source manually...BE CALM!
And if you can't afford to wait it out (sometimes you can't)...FORMAT and RELOAD.
There are a lot of ways to go about this, and it's a "threat rich" environment out there. Sometimes it takes time to get enough info on new threats to help anyone.
And sometimes old threats are stubborn.
Sometimes the dog eats you (but not too often). If your machine is functional, and you feel you can contain the threat if not eliminate it, then don't be too quick to format it and start over.
More info will come in time. If you have new symptoms, or any additional info on your problems, it would be a great help in helping you. The variables are almost endless. You are both correct...This is not as easy as you might think.
Sometimes this stuff just flat ruins your day. But it can always be fixed...one way or another.
Let us know.
AOSCLAY
Monkies Can't Do This

OK, got the printer one sorted; it was just an error on the printer, so I think I'm completely virus free :-)

I have the same problem too:
- Norton message: Virus Alert: "Documents and Settings\All users\sysconf.exe" --> quarantine
- Another one is produced after some time
- The alert is produced only if I'm on the Internet without a firewall
- It seems the virus tries to force other users into my computer
So the Symantec procedure (and other procedures) are not useful:
- I have all Windows patches (for Blaster, Sasser... viruses)
- The hosts file is not modified
- sysconf.exe isn't in the registry (there is nothing strange in the registry, no msblast.exe, ...)
- I have no HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices directory in my system
- The Symantec tool is not useful
- System32 has nothing strange
I think:
- Symantec finds Gaobot, but it isn't Gaobot
- The virus starts with Windows but I don't know which process it is...
I ask you:
- Which of these processes could be fake?
MsPMPSPSv.exe
SVCHOST.exe (I have five of these processes)
SAVSCAN.exe
CTSVCCDA.exe
SAVSCAN.exe
SPOOLSV.exe
ccEvtMgr.exe
ccSetMgr.exe
LSASS.exe
CSRSS.exe
SMSS.exe
AGRSMMSG.EXE
Excuse me for my bad English,
Alberto

Correction
Norton's message is:
'Virus Alert
Documents and settings\AllUsers\Documents\sysconf.exe'
There is a problem: I'm Italian and this directory doesn't exist on my computer...
The Italian version is Documents and settings\AllUsers\Documenti condivisi

Alberto,
you said:"Alert is produced only if I'm in Internet without firewall"
Don't do that. Keep your firewall enabled. Gaobot is a worm that seeks out unprotected and vulnerable machines all on its own. You need to leave your firewall enabled.
more later
AOSCLAY
Monkies Can't Do This

Hello boys!
I have some good news I think.
First I need to correct myself; I seriously thought I had a virus that I could not get rid of.
But after trying Hauri antivirus, which did not find my alleged virus either, I was convinced it is not on my system 24/7.
So it was pretty clear it got in somehow.
I started to close down ports and services with the help of Steve Gibson's homepage http://grc.com/default.htm.
I went through almost everything I saw there.
And since then my system stays clean!
It is up to everyone to decide if you want to follow his advice and use his nifty programs.
But I do not regret that I did that.
I would also like to thank everyone here for the help and suggestions; it is good to see that people are at least trying to help people out.
I just wanted to say that, and do not trust anything on the net.
Keep up the suspicion and stay clean of viruses!

Hi,
try booting the system in DOS,
do a dir search and delete the files manually: dir /s sysconf.exe
then reboot. Since you have deleted all the files there would be no scope for the virus returning.
Bye,
t.umesh
www.umeshsoft.tk
