So I have Symantec AntiVirus on my computer. Keep it updated, all that stuff…
Right now I keep on getting notifications that a file is found with a virus. Always the same virus: W32.Gaobot.ZW
Notifications keep popping up. Won’t stop. Up to 93 now.
The name of the virus isn’t in the Symantec database of viruses. I’m just at a loss of what to do now…
Norton gives you the name of the file yes? Locate the file then delete it, if it says it can’t be deleted because the file is in use (which may be why Norton can’t delete it) then write the entire location down (e.g. C:\documents and settings\user emporary internet files\A953KDN9\virus.virus) and go into Safe Mode and delete it that way.
Perhaps it’s a varation of [this[/url one?
In the mean time… head over to www.housecall.antivirus.com](http://www.symantec.com/avcenter/venc/data/w32.gaobot.yc.html) and have them give your computer a scan. It’s worth a shot. And/or, boot into safe mode and run your scanner then, maybe then it’ll get rid of it.
<< Sleep is for wimps. Happy, healthy, well-rested wimps, but wimps nonetheless. >>
sigh And I even previwed. Maybe, despite the sig in my post above, I should get some sleep.
You might want to try downloading AVG from www.grisoft.com - it’s free for personal use and just caught a trojan horse yesterday that Symantec missed.
The Symantec program is auto-quarantining the files as they pop up. Right now 190 are in the quarantine folder. I can delete them. But there’s obviously more wrong than that. I’ll try some of the things you guys suggested. Thanks.
I got the “handy” virus a last year. NAV quarantined it but couldn’t remove it. I ended updoing just what SlickRoenick did. It was tedious and time-consuming but that took care of it.
While going thru that I found I had another virus (can’t remember the name) that somehow corrupted my Norton Antivirus automatic updates. It appeared to be working fine-connecting to the sited, downloading catalogues but the virus definitions were not being updated.
I deleted then reinstalled NAV and fixed it that way. Have you checked when your virus definitions were last updated?
I know I’m bringing back an essentially dead thread, but just a quick update. Nothing was working, but yesterday Symantec finally released a program that cleaned the virus off my computer (thankfully). My definitions were updated, but the virus was brand new when I got it. All is well now. 
Glad to have been of service.
Puzzled as to why you had a problem. The virus was reported to Norton on 4/12 and they included the repair to updates downloaded as of 4/13.
Hmm… I got infected with the virus on the 15th, and I know when I was infected the name was not yet in the Symantec index (and the next day it was, along with the removal tool). 
That virus killed us here at work. One thing it does is hack your host file so that your virus scanner can’t autoupdate. Check C:\WINDOWS\system32\drivers\etc\hosts and see if there are a bunch of references to anti-virus vendors all aliased out to 127.0.0.1. If so you need to remove those. It is a text file, use notpad.
*You may need to change WINDOWS to WINNT depending on OS.
Went over and opened up my hosts file. This is what it says:
I think I’m okay (my computer quarantined it as soon as it caught it, it seems, just couldn’t delete it). Is there anything I need to change?
No, that’s a normal HOSTS file.
OK, here’s what I have:
Do I need to change this?
That’s fine, as long as none of them are sites that you want to go to. If you see the names of any antivirus vendors like symantec.com or trendmicro.com in that list then you’ve got a problem.
Any name mapped to a 127.x.x.x address will loopback to your computer and will be effectively blocked. Spybot and Kazaa Lite use the HOSTS file to block the names of known ad and spyware sites.
Thank you, that’s what I suspected was the case, but I wasn’t sure. I searched for any addresses from grisoft or AVG and didn’t find any, so I think I’m OK on the anti virus front. Thanks again!
Another nice little trick (especially if you are on a dial-up connection) is to add URLs of ad servers. In my host file I added:
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 phase2media.doubleclick.net
127.0.0.1 ln.doubleclick.net
127.0.0.1 ad.au.doubleclick.net
and now I don’t see any of the doubleclick ads plus, pages load faster.
Pages that normally have adds will look different because you will get an error about not being able to load the page but you will know it is working.
You can get a free list of over 4000 of those sites, including many popup porn ones, at A detailed guide for using the MVPS HOSTS file
But you might have to disable the HOSTS list blocking function while doing shopping at even reputable sites. I just bought some stuff at buy.com, and before I disabled the host list, 95% of all the graphics were gone. Even tho most were ads, that was a mite disconcerting.