A way to get rid of Gael Worm!
A lot of people keep seeing this nasty little virus virus pop up and assume they have not cleaned it thoroughly. If they are anything like me, then that is not the case. Any machine directly connected to the internet (ie not behind a router) has a true ip that can be seen from anywhere on the internet. In other words, if you go to whatismyip.com to get an ip, and then type "ipconfig" in the run box in the start menu, you will get the same ip. I'm betting that these will be the ones having repeated infections like i did.
The virus scanners we all use do a pretty good job. The problem is that this virus looks for shared folders. If you keep getting infected, I ask you, are your drives shared? Thats how it kept getting me. My first problem was that I used "share" as the name for a shared folder, a likely guess for an attacker. Anyways here's what you have to do to make your shared folders off-limits to this virus.
First of all, if you're using simple file sharing, you're asking for trouble. Turn it off as follows:
1. Double click "My Computer"
2. Tools -> Folder Options
3. Click the view tab
4. Scroll to the very bottom
5. Make sure that "use simple file sharing (recommended)" is UNCHECKED
You now can configure what people can do to your shared folder. Go to the directory that keeps having infected files pop up. If its icon has the hand under it, right click on it and select properties. If is not shared, check its parent directory.
click on "everyone"
make sure "Change" is not checked
Click the security tab
Uncheck everything but "Read" and "List Folder Contents"
If you had to uncheck any boxes particularly "write", you probably just fixed your problem.
This will make it much harder to map to your shared folder, since the virus would have to know a username and password of someone that can log into your computer in order to connect. As soon as I realized I was giving write privledges to everyone I was kicking myself. I had been wondering why this thing kept popping up, since I never had time to run the EXE. Mcafee always got it the second it overwrote a file. Well it only overwrote files in my shared folder (of course I didn't share c:), and that is because the virus was never on my machine at all (not for more than a few seconds anyway). It was on somebody's computer who was too cheap to buy a virus scanner and it was getting to me through my shared folder. That is why every virus scanner said my drive was clean. But problem solved. I haven't seen a virus alert since i changed the permissions to read only. I bet it'll work for you too
If you want another computer to have full access to the shared folder, you need to map the share using an existing username and password, or you need to create a winows user on the computer with the shared drive (The new user need not be an administrator). Use the procedure just given but check the "full controll" boxes for this user. Then when you map the share use "connect using a different username and password" to specify the windows user you just added.
Anyways that was the "cleaning procedure" I used. It seems to have worked.