I have the virus backdoor.sdbot on my computer in file winxp/system32 under the filename system32.exe. I have looked in the appropriate directories for the files that the trojan is supposed to leave and I can't find any of the files. I looked in my registry and I can't find the registry entries that the trojan is supposed to leave. I found the file system 32.exe but I can't delete it. My NAV pops up every five minutes notifying me of the virus, but I can't remove the virus or delete it; NAV says unable to repair the file. Can someone please help me?

Max, follow the instructions at the link below.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html
HTH
Tufenuf

I did, but I can't find cnfgldr.exe or:
"Configuration Manager"="Cnfgldr.exe"
"System Monitor"="Sysmon16.exe"
"MSSQL"="Mssql.exe"
"Configuration Loader" = "aim95.exe"
"Internet Config" = "svchosts.exe"
"System33" = "%System%\FB_PNU.exe"
"Configuration Loader"="cmd32.exe"

Max, note that it states:
Copies itself to the %System% folder. The filename to which it copies itself can vary. Some known filenames are:
Cnfgldr.exe
Sysmon16.exe
Sys3f2.exe
Syscfg32.exe
Mssql.exe
Aim95.exe
Svchosts.exe
FB_PNU.EXE
Cmd32.exe
Sys32.exe
"The filename to which it copies itself can vary. Some known filenames are:"
That doesn't necessarily mean that it copies all of those files.
Tufenuf

Did you go into the RUN hive in your Registry as per the Symantec directions? It's easier to identify a foreign entry that you don't recognize there, delete it, and it stops the virus from loading on boot. Then at least it buys you some time to delete the other files. But as long as it loads on boot, Windows won't let you delete it.

The Backdoor.Sdbot program name I found in, and removed from, my son's computer is called svchosts.exe... the corresponding Run and RunServices registry name appears to be svshosts! Other "infected" programs found were regstr.exe, qyqcc.exe, and kempoo.exe.
I also simultaneously found the Backdoor.Optix trojan... under the name wsock32.exe

Is there any information on how big this file's supposed to be?
I've found a suspicious-looking file on my computer called svshosts.exe (1.672.192 bytes) which was running in the background. When I take a look at the file it seems to be packed by something called PEPACK. Most of the file's blank (i.e. 0x00).
I've killed the process and removed the file. I can't see any entries in my registry hive that indicates sdbot, and my antivirus (nav2002) has not said a word. But it's not the first time that software has failed me.
Any help to find here?
Regards,

How did you delete it?!?!
I've got the same file running now and it's communicating through my broadband connection as we speak!
My antivirus (AVG) has not said a word and my firewall (Sygate) won't block it!
I've found the file in the system folder but it won't let me delete it as it says Windows is running it. I would stop it running but it ain't in the close dialog box!
ARGHHHHHHH please help.....

w00t! ?
I had the backdoor.Sdbot virus in a file called svshosts.exe and I just pressed ctrl+alt+del and stopped the program (svshosts.exe) and then I did a virus scan *PhoW* the virus was gone :D
and now i'm so happpy!!! :DDD
....damn irc virus .... musn't been when i joined the #porn channel for fun :/
well WOOHOO!!! l8r
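
The Run-key check suggested earlier in the thread can be scripted. This is an added example, not code from any poster or from Symantec: it reads the text printed by `reg query` for a Run key and flags values that point at a filename quoted in this thread or at a near-miss spelling of svchost.exe. The function name, the 0.8 similarity threshold, the sample output and the `svhosts.exe` entry in it are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Filenames quoted in the thread from the Symantec write-up, plus the
# svshosts.exe and system32.exe names that posters reported. Lower-cased.
KNOWN_NAMES = {
    "cnfgldr.exe", "sysmon16.exe", "sys3f2.exe", "syscfg32.exe", "mssql.exe",
    "aim95.exe", "svchosts.exe", "fb_pnu.exe", "cmd32.exe", "sys32.exe",
    "svshosts.exe", "system32.exe",
}
LEGIT = "svchost.exe"  # the genuine Windows binary the copies imitate

# "    <value name>    REG_SZ    <data>" as printed by `reg query`
VALUE_LINE = re.compile(r"^\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")
# last path component ending in .exe, with or without quotes and arguments
EXE_NAME = re.compile(r'([^\\/"]+?\.exe)', re.IGNORECASE)

def review_run_key(reg_query_output):
    """Return (value name, exe, reason) for each Run entry worth a closer look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        value_name, data = m.group(1), m.group(2)
        exe = EXE_NAME.search(data)
        if not exe:
            continue  # entry does not launch an .exe directly
        name = exe.group(1).strip().lower()
        if name in KNOWN_NAMES:
            findings.append((value_name, name, "known filename"))
        elif name != LEGIT and SequenceMatcher(None, name, LEGIT).ratio() >= 0.8:
            findings.append((value_name, name, "look-alike of svchost.exe"))
    return findings

# Constructed sample of `reg query` output, not taken from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Configuration Loader    REG_SZ    cmd32.exe
    System33    REG_SZ    %System%\FB_PNU.exe
    Internet Config    REG_SZ    "C:\WINDOWS\system32\svhosts.exe" -r
"""

if __name__ == "__main__":
    for value_name, name, reason in review_run_key(SAMPLE):
        print(f"{value_name!r}: {name} ({reason})")
```

A name match only marks an entry for a closer look; as noted above, the filename varies, so an unflagged entry is not proof of a clean machine.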
