Help
This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.
This self-help guide will allow you to remove the W32.Gaobot.CEZ
What this program does:
A worm that allows your computer to be controlled by a remote attacker using IRC.
Tools Needed for this fix: Related Tutorials: Symptoms in a HijackThis Log (Maybe different entries but will contain the same domains and hostnames):
O4 - HKLM\..\Run: [Ethernet Drivers] ethernet.exe
O4 - HKLM\..\RunServices: [Ethernet Drivers] ethernet.exe
Removal Instructions:
- Download HijackThis from the above link and extract it to c:\hijackthis.
- Print out these instructions.
- Navigate to the c:\hijackthis directory and double-click on HijackThis
- When the program starts, double-click on the HijackThis icon and then click
on the Scan button.
- Put a checkmark next to the following entries if they exist:
O4 - HKLM\..\Run: [Ethernet Drivers] ethernet.exe
O4 - HKLM\..\RunServices: [Ethernet Drivers] ethernet.exe
- Then click the Fix button
- Exit HijackThis.
- Reboot your computer
- Delete the following files:
%SYSTEM%\ethernet.exe
Windows 95/98/ME: C:\windows\system
Windows 2000/NT: C:\Winnt\System32
Windows XP/2003: C:\Windows\System32
Now your computer should no longer be infected with the W32.Gaobot.CEZ infection. It may be possible that you still have some spyware or malware installed on your computer. If you feel this is the case, follow the instructions below to post a HijackThis log and someone will help you to remove the rest.
This is a self-help guide. Use at your own risk.
BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.
If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.