DruiD628 :: Tech Tips :: Virus :: Pentagone - Goner Worm  



Pentagone (Goner) worm

The Goner Worm is a nasty little bugger. 

You will first receive an email from someone with the Subject Line: "Hi"
This will be the program (screen saver) you will see (IT IS EVIL!) DO NOT OPEN IT!
Well, if you did open it... this is one of the things you will see
You also will see this.

If you are using Outlook or Outlook Express, you might want to email EVERYONE on your contact list and tell them NOT to open the attachment.

 

First things first: as I said before, email, call, fax, send by the Pony Express, whatever you have to do to let your contacts know that you were infected by a virus. Next, go to "Start", then "Run", type "regedit" and click "OK".

Once in Regedit, go to "Edit", then "Find", type "gone.scr", and delete the String value it finds.
It should be located at:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Make a note of the location of the gone.scr file.
On Windows 98 it should be:
"C:\Windows\System\gone.scr" and the value should be the same.

If you are on an NT or 2000 machine it should be:
"C:\Winnt\System32\gone.scr" with the same value.

On XP, I believe it is:
"C:\Windows\System32\gone.scr" with the same value.
 

Next you must reboot the machine and boot into the command prompt.
To boot into the command prompt, press F8 when you see "Starting Windows 98" or "Verifying DMI Data Pool".
Then select Command Prompt.
On later versions of Windows, press F8 when the splash screen first starts to load, then select Safe Mode with Command Prompt.
 
Now change to the directory where the gone.scr file is located. For example, if the file is located in c:\windows\system\, type:
cd \windows\system\

Next type
attrib gone.scr

You should see the SHR attributes to the left of the filename.
These stand for System, Hidden, and Read-Only. You must remove these by typing:
attrib -s -h -r gone.scr

then delete the file by typing:
del gone.scr

(view an example to the right)


 

Now Reboot.
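
To confirm the cleanup took, the two things removed above (the Run value and the gone.scr file) can be checked in one pass. The script below is an added example, not part of the original tip; it only reads, and it assumes a Windows system with PowerShell, which the Windows versions named above do not include by default. The function names are made up for this example.

```powershell
# Added example: read-only check for leftovers of the worm described above.
# It looks only at the Run key and the three gone.scr locations this page names.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$paths  = @(
    'C:\Windows\System\gone.scr',    # Windows 98
    'C:\Winnt\System32\gone.scr',    # Windows NT / 2000
    'C:\Windows\System32\gone.scr'   # Windows XP
)

# Hypothetical helper: return every Run value whose name or data mentions gone.scr.
function Find-GoneRunValue {
    param([string]$KeyPath = $runKey)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # -match is case-insensitive, so GONE.SCR is caught as well
        if ($name -match 'gone\.scr' -or $data -match 'gone\.scr') {
            [pscustomobject]@{ Name = $name; Data = $data }
        }
    }
}

# Hypothetical helper: return each candidate file that still exists.
function Find-GoneFile {
    param([string[]]$Candidates = $paths)
    foreach ($p in $Candidates) {
        # -Force is needed because the file is marked System, Hidden and Read-Only
        $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($f) {
            [pscustomobject]@{ Path = $f.FullName; Attributes = $f.Attributes }
        }
    }
}

$values = @(Find-GoneRunValue)
$files  = @(Find-GoneFile)

if ($values.Count -eq 0 -and $files.Count -eq 0) {
    Write-Output 'No gone.scr Run value or file found.'
} else {
    $values | ForEach-Object { Write-Output "Run value still present: $($_.Name) = $($_.Data)" }
    $files  | ForEach-Object { Write-Output "File still present: $($_.Path) [$($_.Attributes)]" }
}
```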

2000-2019 DruiD628
micah {at symbol} druid628.com
