Author Topic: Cannot clean the SdBot-545  (Read 5741 times)

0 Members and 1 Guest are viewing this topic.

yerom

  • Guest
Cannot clean the SdBot-545
« on: August 04, 2004, 11:00:58 PM »
HEllo,
i'm in trouble with the Win32:SdBot-545 [trj].

The trojan is in the msconfg.exe file which is in the C:/windows/system32 folder.
I can remove the virus from my computer.
Avast cannot repair it.
I try Hijackthis, clean or (delete?).

But the trojan is always at startup...
Like the bad guy in "friday the 13th" :)

What could i do to kill him definitely ?

thanks by advance.
yerom

whocares

  • Guest
Re:Cannot clean the SdBot-545
« Reply #1 on: August 05, 2004, 01:08:17 AM »
Hi,

please
- read the link "VirusRemoval" belwo in my sig
- post the hijackthis-log
- report the exact results of onlinescans with Trend, RAV & KAV on the suspicious file(s)/the whole PC

read here:
SdBot-545

This strongly suggests that you
- don't have all Windowsupdates applied and/or
- use insecure passwords and/or
- are careless with IRC or FileSharing/P2P


 ;)

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88144
  • No support PMs thanks
Re:Cannot clean the SdBot-545
« Reply #2 on: August 05, 2004, 01:13:16 AM »
Hi yerom,

Do a search of the forums for Win32:SdBot you will find a lot of hits for sdbot.

Check out this thread also General Advice&Tools for virus/trojan/malware removal

If you need more help, come back here with more info....

the file msconfg.exe is not a windows file, msconfig.exe is, what they are attempting to do is confuse with a mis-spelling of a system file. This assumes that you havent mis-typed the trojan name.

HTH David
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

techie101

  • Guest
Re:Cannot clean the SdBot-545
« Reply #3 on: August 05, 2004, 02:38:01 AM »
yerom,

Firstly, make sure that you have updated Avast to the latest database.  The virus you name W32:sdbot-545 was included into the VPS 0432-1 for detection.
If you have an older database, then Avast will not be able to detect and remove it.

Secondly, once you have removed it......
if it comes back, then you have not eliminated the source that gave it to you in the first place.

As has been mentioned, IRC and File sharing are the most common ways that this trojan is spread.
Do you use Kazaa or any similar utility?  What about music sharing?

Make sure that all Windows updates are downloaded and installed.  Always reboot after the updates to get all your programs to "settle in" again.

Let me know how things turn out.

yerom

  • Guest
Re:Cannot clean the SdBot-545
« Reply #4 on: August 05, 2004, 08:49:44 AM »
Hello,

thanks for all your answers.

Well, i dont have any P2P installed or IRC.
I just install my system recently and i don't use it. I just put avast first and it find this trojan on the msconfg.exe file. (that's the real name, no error in it)

I rename and move it. So the the msconfg.exe in c:/windows/system32 folder seem to be clean but the renamed file in the avast/moved folder is still infected.
Avast detect it but don't clean it.

I have the last database installed.


This the hijackthis-log report for my computer :
(I don't really know to use hijackthis in fact)

Logfile of HijackThis v1.98.0
Scan saved at 08:40:58, on 05/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\wuamgrd.exe
C:\WINDOWS\System32\ati2vid.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [spoolsv.exe] wuamgrd.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Windows Service Pack2] svchhost.exe
O4 - HKLM\..\RunServices: [spoolsv.exe] wuamgrd.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [spoolsv.exe] wuamgrd.exe


Thank you for great help
Yerom

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31089
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Cannot clean the SdBot-545
« Reply #5 on: August 05, 2004, 09:00:52 AM »
Disable system restore, reboot, fix the following things with HJT, reboot. Than run a full system scan with Avast.

\WINDOWS\System32\wuamgrd.exe
04 - HKLM\..\Run: [spoolsv.exe] wuamgrd.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
04 - HKLM\..\RunServices: [Windows Service Pack2] svchhost.exe
O4 - HKLM\..\RunServices: [spoolsv.exe] wuamgrd.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [spoolsv.exe] wuamgrd.exe
« Last Edit: August 05, 2004, 09:02:19 AM by Artras »

whocares

  • Guest
Re:Cannot clean the SdBot-545
« Reply #6 on: August 05, 2004, 11:46:00 AM »

Make sure that all Windows updates are downloaded and installed.  

or it will always come back...

yerom

  • Guest
Re:Cannot clean the SdBot-545
« Reply #7 on: August 06, 2004, 10:15:49 AM »
Hello

I got rid of him...
Thanks for your help.
:)

yerom