Author Topic: Unable to get rid of it!  (Read 5741 times)


Offline hojc82

  • Newbie
  • *
  • Posts: 9
Unable to get rid of it!
« on: May 28, 2004, 03:46:06 AM »
Win32:SdBot-194-B [Trj]
C:\WINDOWS\system32\mssvc32.exe\[PeShield]

Could someone pls help?

Offline hojc82

  • Newbie
  • *
  • Posts: 9
Re:Unable to get rid of it!
« Reply #1 on: May 28, 2004, 03:46:27 AM »
I can't delete it, repair or move it!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
The best things in life are free.

Offline hojc82

  • Newbie
  • *
  • Posts: 9
Re:Unable to get rid of it!
« Reply #3 on: May 28, 2004, 04:18:58 AM »
You mean avast can't get rid of it?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:Unable to get rid of it!
« Reply #4 on: May 28, 2004, 04:22:23 AM »
No, I didn't. I'm just trying to help you get rid of it.
Those sites have information that you could follow.

Did you scan your system with avast?
Is your avast installation updated?

Offline hojc82

  • Newbie
  • *
  • Posts: 9
Re:Unable to get rid of it!
« Reply #5 on: May 28, 2004, 04:24:20 AM »
Yes... I've updated everything I could.


Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re:Unable to get rid of it!
« Reply #6 on: May 28, 2004, 05:13:12 AM »

To get the appropriate help, you should give more information about your computer system ... OS, etc.

Have you tried starting your system in safe mode and then running a scan with avast?


Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline hojc82

  • Newbie
  • *
  • Posts: 9
Re:Unable to get rid of it!
« Reply #7 on: May 31, 2004, 05:04:26 AM »
I'm using XP home, on ethernet modem.

With Zonealarm Free edition firewall.

Have used other software, e.g. AVG, Trojan Hunter etc., in safe mode and normal mode. No trojan found.

However, used Adaware in safe mode. Found a "DSO exploit" which I deleted. However, it gets back when I scan again.

Right now, I can't do anything to this trojan with Avast at all

Can't even delete while in Safe mode

Offline Max M.Wachtel III

  • Sr. Member
  • ****
  • Posts: 326
  • Long Live Freeware
    • Keeping Windows Clean
Re:Unable to get rid of it!
« Reply #8 on: May 31, 2004, 06:13:24 AM »
hojc-
Go to House Call  http://housecall.trendmicro.com/
Do an on-line scan
Post back with results
-max
When I stop learning I stop living-max
Virus Removal Instructions
http://home.neo.rr.com/manna4u/

Offline hojc82

  • Newbie
  • *
  • Posts: 9
Re:Unable to get rid of it!
« Reply #9 on: May 31, 2004, 07:04:59 AM »
Done... even tried Symantec online scan and anti-vir PE.

Seems that only avast can detect this... but it doesn't clean it.

Offline Max M.Wachtel III

  • Sr. Member
  • ****
  • Posts: 326
  • Long Live Freeware
    • Keeping Windows Clean
Re:Unable to get rid of it!
« Reply #10 on: May 31, 2004, 07:31:54 AM »
Try this:
Open a Command Prompt window and leave it open.

Close all open programs. Click Start -> Run and type "taskmgr"

Go to the Processes tab and End Process on "explorer.exe".

Leave Task Manager open. Go back to the Command Prompt window and change to the directory where the undeletable file is located.

At the command prompt type DEL <filename> where <filename> is the file you wish to delete.

Go back to Task Manager, click File -> New Task and type "explorer.exe" to restart the GUI shell.

Close Task Manager.

from T-Lab  http://v2.tlab404.com/articles/detail.asp?iFaq=260&iType=20

Hope it helps
-max

Offline hojc82

  • Newbie
  • *
  • Posts: 9
Re:Unable to get rid of it!
« Reply #11 on: May 31, 2004, 08:11:23 AM »
Can't...

I can't even find the file which avast reported to be infected...

I think it's either a false positive or a die-hard trojan.

Offline Max M.Wachtel III

  • Sr. Member
  • ****
  • Posts: 326
  • Long Live Freeware
    • Keeping Windows Clean
Re:Unable to get rid of it!
« Reply #12 on: May 31, 2004, 09:06:49 AM »
I found this on Google, see: http://protools.anticrack.de/packers.htm#peshield

PE-SHiELD by ANAKiN [DaVinci]. 03.II.2000.
PE-SHiELD v0.25 (32K).

- Fixed a few little bugs on request and added some AD stuff.

PE-SHiELD is a program, which encrypts 32-bit Windows EXE files, leaving them still executable. The previous version was over a year in the wild and there is still no unpacker for it.

-max

Offline hojc82

  • Newbie
  • *
  • Posts: 9
Re:Unable to get rid of it!
« Reply #13 on: May 31, 2004, 09:38:07 AM »
Hmmm... I'm unable to identify the cause of the virus...


Offline hojc82

  • Newbie
  • *
  • Posts: 9
Re:Unable to get rid of it!
« Reply #14 on: May 31, 2004, 09:50:58 AM »
I tried decrypting it... no luck there...