| Thread ID: 80452 | 2007-06-23 20:34:00 | "Hacked by Godzilla" - how do I get rid of it? | straka01 (310) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 562118 | 2007-06-23 20:34:00 | A friend gave me their IBM Laptop to fix yesterday as it has the Godzilla virus on it. They'd put on AVG - but a bit too late I think. It's running XP with the firewall on and with AVG scanning OK. I've been to Google to get some fixes and tried them but as yet it still keeps popping up whenever I boot up & before windows starts and whenever I close down. Does anyone know of any programs to remove it? Does anyone know exactly the procedure to eliminate the errant files in the registry, boot sector, etc, etc? I've tried msconfig and stopped all the programs starting except the essentials. I've eliminated all the autorun.inf files I can locate. I've used uninstall to eliminate the main Gozilla program. Out of interest its address is www.go.microsoft.com etc - sneaky buggers! I've also run Adsubtract Plus, Reg-Cure, etc - made it go a lot faster but the virus is still there. AVG doesn't pick it up when I scan. I think the virus must disable AVG running in the boot sector. The files that people on Google say I need to eliminate don't seem to exist so I'm wondering whether this is a later version of the virus. Any help greatly appreciated. |
straka01 (310) | ||
| 562119 | 2007-06-23 20:51:00 | Try trojan remover (dl/install/update it). Then scan then all options under the utilities menu. Or BOclean in my sig. BOclean runs in the background, and may pick it up and remove its entries. The Symantec site, if u haven't been there, says: To remove the VBS.Godzilla.A@m virus: 1. Delete the Update.hta and Sign.html files. 2. Reset your Outlook Express signature or remove the one that has been added. You can run Regedit.exe to modify the registry. 3. Delete the value of Default Signature in the following registry key: HKEY_CURRENT_USER\Identities\{Default User ID}\Software\Microsoft\Outlook Express\5.0\Signatures 4. Remove the entire \00000123 key. 5. Reset your signature by running Outlook Express. |
Speedy Gonzales (78) | ||
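
The files and registry entries named in the removal steps quoted in the post above can be checked for without changing anything. The PowerShell below is an added example, not part of the original posts or of Symantec's instructions; it assumes each Outlook Express identity is a {GUID} subkey of HKCU:\Identities, and the file search roots are chosen for illustration.

```powershell
# Added example: read-only check for the artifacts named in the removal steps.
# Nothing is deleted or modified; findings are only reported.

# Step 1: look for the two dropped files. The search roots are an assumption;
# the post does not say where the files live.
$roots = @($env:SystemRoot, $env:USERPROFILE) | Where-Object { $_ }
$files = Get-ChildItem -Path $roots -Include 'Update.hta', 'Sign.html' `
    -Recurse -Force -ErrorAction SilentlyContinue
foreach ($f in $files) {
    Write-Output ("FILE   {0}  (modified {1})" -f $f.FullName, $f.LastWriteTime)
}

# Steps 3-4: the Signatures key sits under each Outlook Express identity.
# Assumption: identities are the {GUID} subkeys of HKCU:\Identities.
$found = 0
if (Test-Path -LiteralPath 'HKCU:\Identities') {
    foreach ($id in Get-ChildItem -LiteralPath 'HKCU:\Identities') {
        $sig = Join-Path $id.PSPath 'Software\Microsoft\Outlook Express\5.0\Signatures'
        if (-not (Test-Path -LiteralPath $sig)) { continue }
        $found++
        $props = Get-ItemProperty -LiteralPath $sig -ErrorAction SilentlyContinue
        Write-Output ("KEY    {0}" -f $sig)
        Write-Output ("       Default Signature = '{0}'" -f $props.'Default Signature')
        $sub = Join-Path $sig '00000123'
        Write-Output ("       \00000123 subkey present: {0}" -f (Test-Path -LiteralPath $sub))
    }
}
if ($found -eq 0) { Write-Output 'No Outlook Express Signatures key found for this user.' }
if (-not $files)  { Write-Output 'Update.hta / Sign.html not found under the searched roots.' }
```

Run it as the affected user, since the check reads that user's HKEY_CURRENT_USER hive.
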
| 562120 | 2007-06-23 21:04:00 | Thanks that gives me something to work on! | straka01 (310) | ||
| 562121 | 2007-06-24 01:18:00 | I've now installed and run three of the above programs but they've not got it out. The targeted lists on BOClean & Trojan Rem (I think) don't mention they target Godzilla. I'll keep trying but if anyone has further ideas please let me know. Thanks | straka01 (310) | ||
| 562122 | 2007-06-24 01:45:00 | Did u delete those files if they were there? I would turn system restore off (if XP is on it), boot into safe mode, add yourself to the System Volume Information folder/s (you'll have to untick hide system folders). Then delete everything in it. And if u haven't gone into the registry, delete the entry I posted. |
Speedy Gonzales (78) | ||
| 562123 | 2007-06-24 01:52:00 | I would turn system restore off (if XP is on it), boot into safe mode, add yourself to the System Volume Information folder/s (you'll have to untick hide system folders). Then delete everything in it. A more easier way is go to Control Panel > System > click on the "System Restore" tab > & then tick the box next to where it says "Turn off System restore" then restart the computer. straka01 > once you got rid of this virus make sure you turn back on System restore (to do that do the same as above apart from you un-tick "Turn off System restore") |
stu161204 (123) | ||
| 562124 | 2007-06-24 01:54:00 | A more easier way is go to Control Panel > System > click on the "System Restore" tab > & then tick the box next to where it says "Turn off System restore" then restart the computer. Ah yer but just turning SR off won't necessarily delete what's in the folder/s. |
Speedy Gonzales (78) | ||
| 562125 | 2007-06-24 03:14:00 | ...'add yourself to the System Volume Information folder/s' - Not sure what you mean by this! I've turned off restore and I'm in Safe Mode.... now what? By the way, I have a window that keeps popping up and I suspect it's associated with Godzilla - it says Genuine Windows Advantage - is that legit? I've gone and updated everything at microsoft update. Another thing or two: The files Update.hta & Sign.html don't exist. In the registry I couldn't locate a 'signatures' value or folder. Couldn't see 00000123 - is it in the same 5.0 folder? |
straka01 (310) | ||
| 562126 | 2007-06-24 03:44:00 | Boot into safe mode, show system/hidden files, right mouse on the System Volume info folder. Under security tab I think u can add yourself as admin. (Whatever the name is under the start menu). Then u should be able to get into the System Volume info and see what's in there. If there are any files delete them (if u have more than 1 hdd, do the same for all). |
Speedy Gonzales (78) | ||
| 562127 | 2007-06-24 04:15:00 | OK. I'm in Safe Mode. Showing hidden system folders - no probs. I don't really understand what you mean by 'System Volume info' folder. I've right clicked on MY PC and got to the Security tab - but I'm not used to doing anything in here. I've searched for any folders called System Volume Info and various combinations - no luck. Can you please walk me thru exactly what to do to set up this new admin a/c so I can find this elusive folder and delete the files in it. Sorry to be such a pain. | straka01 (310) | ||