Problem solve Get help with specific problems with your technologies, process and projects.

Manual removal of Goner from infected machine

A user on our network received an e-mail infected with Goner and opened it. His virus scan doesn't work now. Is there a way to remove Goner other then formating and re-installing the OS?
You can do a manual removal of Goner by following these steps:

1. Search the hard drives and delete all instances of the file gone.scr. On Windows 95/98/ME it is best to delete it from DOS by booting the PC while pressing F8 and selecting "Command Prompt Only" mode.

After finding the file, go to its directory and use the command
ATTRIB -s -h -r gone.scr
to be able to delete it.

On Windows NT/2000 systems, boot using the Windows NT/2000 CD and select "Repair Install Console" to get to a command prompt, and follow the same steps as above to find and delete the file.

2. Using regedit.exe, find the key
deleting the key entry where the name "'gone.scr" appears.

For more information on this topic, visit these other searchSecurity resources:
News: Goner worm could have been prevented
Best Web Links: Malware

This was last published in January 2002

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.