# New Worm ????



## Geekgirl (Jan 1, 2005)

Anyone have any info on the W32/VB.NJ worm? Google brings up no hits.

Panda ActiveScan found 644 instances of this worm.

*EDIT*
I removed the NJ (as tentonbob suggested) and found some info on it. Needless to say, the system is being wiped out.


----------



## chauffeur2 (Feb 7, 2006)

Hi Geekgirl,

I've been doing some 'hunting' for you, and have come up with an alias for your worm... it took a while, but me being a 'ferret-type' persisted.

Here's a link to some info:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.DF 

I'll continue looking...I have asked AVG if they know of it, and they have requested the full name, and what the symptoms of it are.

Hopefully this info might help.

Kind Regards,

Dave T.


----------



## Volt-Schwibe (Jan 12, 2003)

This one seems nastier than most.


> It spreads by attempting to drop a copy of itself in the target addresses' default shares. If the said shares are password-protected, it uses NetBEUI functions to gather a list of user names and passwords, as well as a list of hardcoded user names and passwords as its login credentials.
> 
> Using a random port, it connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for commands from a remote malicious user. The said commands are executed locally on affected machines. This routine compromises system security and opens the affected machine to further attacks.
> 
> ...
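
The two behaviours in the quoted description (logon attempts against default shares under a list of user names, and IRC on a random port) can both be looked for in network telemetry. The Python below is an added example, not part of the original thread or the vendor write-up; the records, the expected-port set and the `min_users` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the thread or any real incident).
# Flow records: (src_ip, dst_ip, dst_port, first bytes sent by the client)
FLOWS = [
    ("10.0.0.5", "203.0.113.9", 6667, "NICK alice\r\nUSER alice 0 * :Alice\r\n"),
    ("10.0.0.7", "203.0.113.20", 48211, "NICK xk3f9\r\nUSER xk3f9 0 * :x\r\nJOIN #c\r\n"),
    ("10.0.0.8", "198.51.100.4", 8080, "GET / HTTP/1.1\r\nHost: example.test\r\n"),
]
# Failed share logons: (src_ip, target_host, share, username)
FAILED_LOGONS = [
    ("10.0.0.7", "PC-A", "ADMIN$", "administrator"),
    ("10.0.0.7", "PC-A", "C$", "admin"),
    ("10.0.0.7", "PC-B", "ADMIN$", "guest"),
    ("10.0.0.7", "PC-B", "ADMIN$", "Administrator"),
    ("10.0.0.9", "PC-A", "Public", "bob"),
]

# Assumed baseline: ports where IRC is expected on this network.
EXPECTED_IRC_PORTS = {194, 6697} | set(range(6665, 6670))
IRC_CMD = re.compile(r"^(NICK|USER|JOIN) \S+", re.M)
DEFAULT_SHARE = re.compile(r"^(?:[A-Z]|ADMIN|IPC)\$$", re.I)

def irc_on_unexpected_port(flows, expected=EXPECTED_IRC_PORTS):
    """Flows whose payload opens with IRC registration on a non-IRC port."""
    hits = []
    for src, dst, port, payload in flows:
        cmds = {m.group(1) for m in IRC_CMD.finditer(payload)}
        if {"NICK", "USER"} <= cmds and port not in expected:
            hits.append((src, dst, port))
    return hits

def default_share_guessing(events, min_users=3):
    """Sources that failed default-share logons under many distinct user names."""
    users = defaultdict(set)
    for src, _host, share, user in events:
        if DEFAULT_SHARE.match(share):
            users[src].add(user.lower())
    return {s: sorted(u) for s, u in users.items() if len(u) >= min_users}

def suspect_hosts(flows, events):
    """Hosts showing both behaviours the description attributes to the worm."""
    irc_sources = {src for src, _, _ in irc_on_unexpected_port(flows)}
    return sorted(irc_sources & set(default_share_guessing(events)))

if __name__ == "__main__":
    print(suspect_hosts(FLOWS, FAILED_LOGONS))
```

Requiring both signals from the same source keeps an ordinary IRC client or a single mistyped password from being flagged on its own.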


----------



## Geekgirl (Jan 1, 2005)

I figured it was nasty, it piggybacked onto some of their software like Photoshop and the Panda log (which got wiped... oops) showed something like this:
C:\Program Files\Photoshop (cracked).exe
That's not exact, sorry I wish I would have saved the log, but it gave (cracked) and (hacked) after some programs.

The user tried to clean it themselves but made things so bad that it needed wiped. They tried doing a repair install from a Dell CD that came with the mother's desktop PC. The user profile was so corrupt, no Run command in the Start menu, the clock couldn't be set, it said 15:48 ????? in the taskbar... it was really messed up.


But needless to say it's all better now, I reinstalled XP Home, got the drivers from Dell's site and it was ready to be picked up as of Saturday.


----------



## chauffeur2 (Feb 7, 2006)

Hi Geekgirl,

Firstly, I sincerely apologise for the delay in responding to my last thread, but have been tied up with work.

Anyway, I'm glad to hear that you got the problem sorted [I knew you would].

I received an email back from Grisoft Support, and they informed me that they would have liked to have had the AVG Free Edition scan report for analysis, from the infected machine, but that's not possible.

However, since that email, they sent me another one saying that they "are on to the problem, and will issue a 'repair' patch within 24 hours", this was received in an update earlier this morning [Australian Time].

I thought that I would mention this for future reference, as Grisoft [AVG] are excellent when it comes to such matters.

A third email arrived thanking me for the information, but I would like to thank Volt-Schwibe for posting the detailed info that I passed on to Grisoft.

Kind Regards to All,
Dave T.


----------



## Geekgirl (Jan 1, 2005)

Dave, no need to apologize, we all have other lives beyond this forum.
I appreciate the effort you are making, thanks for the very useful information. I am actually a reseller for Grisoft, should have thought of contacting them myself.


----------



## prsings (Oct 31, 2005)

Please see caps at end of paragraph three. This may be W32/VB.NJ!

I am on my lady's computer because mine is DOWN. I run a Dell 4600, Windows XP Home, 1 Gig RAM. My security is handled by my provider, Adelphia, namely Zero Knowledge's Freedom Suite: anti-virus, spyware, firewall. I also run AdAware, Ewido, Spybot Search and Destroy, and Microsoft Malware program weekly. I have WinPatrol and Spyware Blaster that always run. I had McAfee, safe site (or something like that) that gives little green, red and yellow indicators about site safety. I had a problem with Freedom, called them and they had me remove it, download and reinstall. I had to delete or shut down all my other security, per their instructions, to be able to install. Everything went well, and my problems seemed cured. I then downloaded and reinstalled the above mentioned security items. There was a short time when I was running with NO security. I ran a full scan with everything, found a few cookies, but nothing more.

The next day I was alerted that I had a virus, W32/SecBanker!Maximus in E:\System Volume. It said it couldn't clean it so I should delete it and restart. I did that.

I did not know I had a System Volume on my E: drive. E: is a partition on my D: (2nd) Hard drive which I use exclusively for my music programs. Everything seemed to run fast and smooth. The next day I had another alert about a Virus on E:\System, but unfortunately didn't write it down, IT WAS MADE OF LETTERS AND NUMBERS. I followed the removal instructions, rebooted and went back to work.

My computer completely froze, I had to do a hard shutdown, with the power button. When it tried to restart, I got a message saying it couldn't find my hard drives. I have gone to setup, changed my drive options, tried every combination, no help. I tried to restart in safe mode, same result. I had installed a new power supply, so I opened my box and switched the power supply leads from my CD-Rs to my HDs, in case they weren't getting power. Again, no help.
I then went to my boot disks (6 floppies), and they ran just fine, the final instruction was "Insert your Windows XP Install Disk". I did, and got "Can not find drive C:\".
I am stuck, can anyone help me or should I take it to a pro?


----------



## Geekgirl (Jan 1, 2005)

prsings plz follow the instructions in the *First Steps at Removing Malware*, then post your log in the *HiJackThisLog Help Forum*, start your own thread and one of our highly trained analysts will look it over and reply with the appropriate instructions.


----------



## prsings (Oct 31, 2005)

Sorry, I can't do anything on my computer.


----------



## Geekgirl (Jan 1, 2005)

> I did not know I had a System Volume on my E: drive. E: is a partition on my D: (2nd) Hard drive which I use exclusively for my music programs.


Possibly wherever you d/l your music file it was infected with a virus.

Can you boot into Safe Mode w/ Networking? (Tap the F8 key while booting)


----------



## prsings (Oct 31, 2005)

No, I tried safe mode immediately... no C:\ present. I have some more ?s, (her CUE doesn't work) I want to post a new thread, I posted in "General Security" forum on 06-24-2006, 08:14 AM, it has had 24 views, no replies. Where should I post this thread?


----------



## Geekgirl (Jan 1, 2005)

Hmmm... it tells you no fixed disk present??? This may be hardware failure. I would start a thread in the HiJackThis Help Forum to first eliminate malware; if they cannot help you, post in the hard drive forum.


----------

