New to this.

Problem, cpu chewed up by the above. Before I found the file it was killing all spyware and antivirus software. After stopping the task, Norton comes up clean, every spyware, adware, trogen killer comes up clean. I have run norton on the network comes up clean.

Symantec had instructions to remove (w32hllw.gaobot.ca), wstart32 from reg, and stop the task. Which I did. I found these two files hidden in sys32. I saved a copy to disk and deleted them. Machine seems to run fine now. My concern is, is the infecting file is still hiding? Also, running netstat, there seems to be some ports that are listening ie. 42555, 34012, microsoft-ds, 1029. Anyone have any suggestions?

14 Years
Discussion Span
Last Post by gmurphy

Some of those are suspicious. I Googled each one using "port xxx" (in quotes), where xxx was the port number. I'll leave this as an exercise for you, but do it soon (hint).

I would also run something like PrcView or CodeStuff Starter to see what threads and processes are running.


googled the ports, one was suspicious. after i stop the wstart32.exe, the suspicious activity is stopped. I also installed PrcView. Same tasks running in taskmgr. I was hoping to get an answer regarding spyware or a virus hidden and if deleting the key in the reg and the file itself will keep it from comming back?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.