Aliases
-
Gaobot
-
Nortonbot
-
Phatbot
-
Polybot.
Affected Operating Systems
Recovery Instructions:
Please follow the instructions for removing worms.
Change any data that may have become compromised.
Replace the Hosts file from a backup or edit it in Notepad to remove the changes that the worm has made.
Check your administrator passwords and review network security.
Renaming the registry editor
- Using Windows explorer, browse to the Windows folder (usually C:\Windows or C:\Winnt) right-click Regedit.exe and make a copy of it.
- Rename the copy of Regedit.exe to Regedit.com.
- At the taskbar, click Start|Run. Type 'Regedit.com' and press Return. The registry editor opens.
You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
DriverConf = dvrconf.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
DriverConf = dvrconf.exe
and delete them if they exist.
Close the registry editor.