http://www.computing.net/security/wwwboard/forum/7773.html
This is a continuation on from the above thread all concerning the virus
-> Backdoor.Sdbot
...please help me!!!
=============================
As with all of you I have the virus also...(referring to the above thread)
I want to follow the above ways to remove the virus but I'm really really sceptical.
(it was mentioned that you're going to have to delete system32.exe and then go into the registry and get rid of one of the registry keys)
Just as josh has mentioned that his machine is running slower (once he deleted system32.exe), what effect will this have on my machine? Is system32.exe an executable that is supposed to be with Windows or is it a virus?....or has the virus actually implemented itself into the executable and isn't removable until it's deleted?
And by deleting system32.exe won't that make my Windows (XP Pro) less of a product than what it was before? Meaning, isn't the system32 executable meant for the running of Windows, and if so, won't it actually cause performance issues if it's gone?
From what I have read all you're doing is getting rid of this file and then Windows is shouting back "Hey where is my file?" and then you're going into the registry, deleting a segment initially fooling the poor thing....
So atm I'm keeping this virus on my machine until I know exactly if system32 is a virus in its own right, or has this virus (Backdoor.Sdbot) actually written itself into the system32 executable (required by Windows) therefore needing to delete it. If it's the latter, then it might be safer to reinstall Windows...(if the virus can't get past my router firewall, and I'm not using IRC).
Can anyone help with my questions? Thank you.

Oh I have looked for system32.exe, don't you worry, just I'm getting no results...everything I'm coming back with though is all related to it and viruses...not its actual functionality...so I can't determine whether or not it is an actual Windows executable or in fact it is a virus in disguise *shudders*.

Have a look here
I use this site most of the time I want info on the Windows system processes; it's pretty conclusive. Lots of viruses have executables that look genuine, one of my worst hated is the Rundll.exe part of the LOXOSCAM virus. The necessary file that you don't want to delete is Rundll32.exe

Thank you very much for that...it's always good to have a bit of reassurance before jumping into something :)

In my experience, when you get a file that's part of Windows that shows up as a virus, the virus itself has actually REPLACED or RENAMED the file. Deleting a registry key is a key part of the removal process. Don't be afraid to do it.. just MAKE SURE you follow instructions to the T! Most of them will have you rename a .exe file to a .com file in DOS, then use it.
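
An added example, not from any poster in this thread: a small Python check for the lookalike-name problem described above (Rundll.exe next to the genuine Rundll32.exe). It flags a file whose name is within two edits of a known Windows binary, or whose name is genuine but sits outside its usual folder. The `KNOWN` table is a trimmed assumption and the sample paths in the test are constructed.

```python
from pathlib import PureWindowsPath

# Trimmed, assumed table: genuine binary name -> folders it normally lives in.
KNOWN = {
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(path, max_dist=2):
    """Return 'ok', 'wrong-location:<name>', 'lookalike:<real>' or 'unknown'."""
    p = PureWindowsPath(path.lower())   # Windows paths are case-insensitive
    name, folder = p.name, str(p.parent)
    if name in KNOWN:
        # Genuine name: only trusted when it is in one of its usual folders.
        return "ok" if folder in KNOWN[name] else f"wrong-location:{name}"
    for real in KNOWN:
        # Near miss on a genuine name, e.g. rundll.exe vs rundll32.exe.
        if edit_distance(name, real) <= max_dist:
            return f"lookalike:{real}"
    # Not in the table and not close to anything in it: look it up separately.
    return "unknown"


if __name__ == "__main__":
    for sample in (r"C:\WINDOWS\system32\Rundll32.exe",
                   r"C:\WINDOWS\system32\Rundll.exe",
                   r"C:\WINDOWS\Temp\svchost.exe"):
        print(sample, "->", classify(sample))
```

A name match alone does not prove a file is genuine, since a replaced file keeps its name and folder; comparing its signature or hash against a clean copy is the follow-up check.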
