Author Topic: Win32:Sdbot-545 [trj] .  (Read 2324 times)

0 Members and 1 Guest are viewing this topic.

Zwabbe

  • Guest
Win32:Sdbot-545 [trj] .
« on: March 19, 2006, 08:30:44 AM »
This is in my msconfg.exe . Is there any sort of removal tool that wont destroy the exe itself.?

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:Sdbot-545 [trj] .
« Reply #1 on: March 19, 2006, 10:32:45 AM »
Hi Zwabbe,

The SDBot seems to run services at start-up which make it difficult for avast! to remove, even during a bootime scan. (The signature for this malware is avast!'s definitions.)

http://forum.avast.com/index.php?PHPSESSID=0814327f4953f2248691b29063a052e3&topic=6410.msg49609

I'd recommend Trend Micro Sysclean. If necessary, download the files on another computer. Extract the Zip file and copy to a CD. Start your computer in safe mode, copy the files to your desktop and run from there.

Quote
If you are not a Trend Micro customer please download the following file.

http://uk.trendmicro-europe.com/enterprise/support/tsc.php

Quote
For the TSC package to be effective, you must download and use the latest pattern file. Place the pattern file in the same folder as the Trend Micro System Cleaner Package.

http://uk.trendmicro-europe.com/enterprise/support/pattern.php

Then run a boot time scan with avast! if supported on your system? (Right click on the scanner screen and select 'schedule a boot time scan'- set the default action to move to chest if you have a cordless keyboard because it won't work during the scan.)

If you are concerned about possible other malware/spyware infections, please run the following scans:

Ewido (XP'Win2000 only)

http://www.ewido.net/en/

     and/or a-Squared http://www.emsisoft.com/en/

After that, download, install, update and scan with the following programs, preferably in safe mode (tap F8 while booting.)

Ad-Aware http://www.majorgeeks.com/download506.html

Spybot Search & Destroy http://www.safer-networking.org/

When you have finished, make sure you visit Microsoft Update and download all the critical updates, as this infection may be a sign of an operating system with unpatched security vulnerabilities.

Good luck!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog