W32.Ganda.A@mm.enc

Hi all!

Had a phone call from a friend who has been hit by this virus.
He has the latest definitions update from Symantec and the virus is listed in his known virus list.

The NAV log says that two files had been infected and automatically deleted.

A virus scan turns up nice and clean.

However, he can no longer connect to the internet. He is on a dial up modem.

Is there a connection between the virus and his unability to get online or is this coincidence?

Thanks for Your time,
Christer

 

Hi aleekat,
thanks for Your reply!

I searched the Symantec site for "W32.Ganda.A@mm.enc" which provided far less information than for W32.Ganda.A@mm.

I´m pretty sure that he has done nothing but he told me that the NAV log listed the deleted files.
He has no backup but I guess that the deleted files can be extracted from the Win2k CD. (I wish I knew how!)

I´ll meet with him tomorrow and see what can be done.

Christer

 

I´ve had a look at the computer.

The virus was caught by NAV and the files deleted were the actual virus trying to copy itself to two locations. Thus the computer wasn´t infected.

When my friend saw the NAV activity he physically disconnected from the internet, pulled the plug. This is probably why he couldn´t reconnect to the internet.

Yesterday, on the phone, I told him to restart the computer and he said he did but actually didn´t. He hibernated the computer and woke it up again.

After a proper shut-off and re-start everything worked.

He confessed to never having shut off properly, always using hibernation. He now understands the difference.

Thanks for Your assistance,
Christer

 

First of all, when I re-read my own post this "sounded" wacky:

Of course, he re-connected the plug ...... ...... before trying!

I don´t know how it´s possible but he knows even less about computers than I do so, he was very relieved that it wasn´t a serious situation.

Christer