Author Topic: How to remove win32:sdbot-gen44[Trj]  (Read 3802 times)

0 Members and 1 Guest are viewing this topic.

Micik

  • Guest
How to remove win32:sdbot-gen44[Trj]
« on: March 08, 2007, 01:15:38 PM »
Hello people,
I have installed Avast on one computer (win2000) and it found win32:sdbot-gen44[Trj] trojan horse. Unfortunately I cannot get rid of it because every time I click on delete, after an hour or two new notification is raised.
Computer is on the local network and has strange behavior. When I restart the computer, network works OK, and every other computer can access to it.
After two or three hours, every attempt to access the computer fails when error message that server cannot perform requested operation, although ping works and computer respond to ping OK.
Could this win32:sdbot-gen44[Trj] be the cause of such networking behavior?
How can I remove it?
Thanks.

mauserme

  • Guest
Re: How to remove win32:sdbot-gen44[Trj]
« Reply #1 on: March 08, 2007, 01:35:03 PM »
Hi Micik - Welcome to the forum.

What is the file name and full path?  Does the name change or remain contstant?

I suggest you remove this computer from the lan until this is resolved.  Will you be able to use another computer for downloads if we need to?

EDIT:

Are your Windows Updates current?
« Last Edit: March 08, 2007, 01:37:50 PM by mauserme »

Micik

  • Guest
Re: How to remove win32:sdbot-gen44[Trj]
« Reply #2 on: March 08, 2007, 02:36:00 PM »
No, windows 2000 is not up to date. Where can I download new updates for win2000 if there is still support for win2000 from Microsoft?
Every time I delete infected file, but it is created again.
Unfortunately I cannot remove this computer from LAN because there is very important data (from one kind of monitoring) on it. Is there any virus/troyan remove utility I can use to remove it?
Also I cannot find more information about this specific virus. Maybe it is worm sdbot or similar name in other antivirus software!?!
Thanks in advance.

mauserme

  • Guest
Re: How to remove win32:sdbot-gen44[Trj]
« Reply #3 on: March 08, 2007, 02:43:21 PM »
Well, I should have said "as up to date as possible".  I'm guessing its an exploit that would have been patched a long time ago.

But what is the file name/path?

Micik

  • Guest
Re: How to remove win32:sdbot-gen44[Trj]
« Reply #4 on: March 08, 2007, 03:10:33 PM »
File name is:
C:\Program Files\Alwil Software\Avast4\data\moved\[eXPressor]....
That is all I know so far...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: How to remove win32:sdbot-gen44[Trj]
« Reply #5 on: March 08, 2007, 06:55:23 PM »
How can I remove it?
Why didn't you move the file to Chest instead of that folder?
You can delete that file or send it to Chest (right clicking the Chest area and choosing to move the file).
Did you Disable/Enable System restore?
Did you schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
Did you use trojan remover tools: a-squared and/or Free AVG Antispyware?
The best things in life are free.

mauserme

  • Guest
Re: How to remove win32:sdbot-gen44[Trj]
« Reply #6 on: March 08, 2007, 08:16:35 PM »
[Did you Disable/Enable System restore?
Did you schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
Did you use trojan remover tools: a-squared and/or Free AVG Antispyware?
In addition to Tech's recommendations  ::) could you post the original path and file name?