Aliases: Win32.HLLW.Ghotex.A
Variants: Ghotex.A

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 07 Apr 2003
Damage: Low

Characteristics: There are limitation in spreading this virus, W32.Ghotex.A, to windows Operating Systems. It was noted that only Windows 95, Windows 98, Windows Me and Windows XP are susceptible to the virus. Reports say that on Windows 95, Windows 98 and Windows Me, this virus duplicates itself on the windows system folder which is named as “Internat.sys” while the original “Internat.sys.” file is also included on that folder making sure that only one fie copy is infected. When the infected files are executed, it copies the host file to windows directory and opens it. The virus is believed to have been written in Microsoft Visual Basic.

More details about W32.Ghotex.A

As it reproduces, it takes up space. The space becomes unusable while the memory space is lessened which in turn, promotes computer or system slow down and or crashes and what’s worse, your system may become inoperable. It also changes the boot sector and this could result to the inability of the computer to run. Furthermore, once the infected files are executed, it also executes the virus and it may search further by infecting other folders. As such, auto play facility in your computer should be disables to further prevent the automatic launching of executable files on network and removable drives. You also need to kill system processes. This should be removed so that the virus will not run during start up. If it still doesn’t work, you may also press the Start button and click on the Run option. This will start the Run tool. Then type in taskmgrand and press OK.

These processes will open the Windows Task Manager. Check all the list of files actively running and find all the .exe files. Right click on the file and choose “end process.” A box will appear and you need to choose yes. It is known that when the infected system is restarted, the worm will still be executed the second time around. If this happens, you may need to run the whole processes and install a commendable antivirus program to fully scan your computer. And the last step is to temporarily disable system restore. Then reboot your computer in safe mode. Then you need to manually terminate all processes and delete infected files.