Author Topic: Unable to get rid of it!  (Read 6748 times)


hojc82

  • Guest
Unable to get rid of it!
« on: May 28, 2004, 03:46:06 AM »
Win32:SdBot-194-B [Trj]
C:\WINDOWS\system32\mssvc32.exe\[PeShield]

could someone pls help????

hojc82

  • Guest
Re:Unable to get rid of it!
« Reply #1 on: May 28, 2004, 03:46:27 AM »
i can't delete it, repair or move it!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
The best things in life are free.

hojc82

  • Guest
Re:Unable to get rid of it!
« Reply #3 on: May 28, 2004, 04:18:58 AM »
u mean avast can't get rid of it?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Unable to get rid of it!
« Reply #4 on: May 28, 2004, 04:22:23 AM »
No, I didn't. I'm just trying to help you get rid of it.
Those sites have information that you could follow.

Did you scan your system with avast?
Is your avast installation updated?
The best things in life are free.

hojc82

  • Guest
Re:Unable to get rid of it!
« Reply #5 on: May 28, 2004, 04:24:20 AM »
yes...i've updated everything i could


CharleyO

  • Guest
Re:Unable to get rid of it!
« Reply #6 on: May 28, 2004, 05:13:12 AM »

To get the appropriate help, you should give more information about your computer system ... OS, etc.    ::)

Have you tried starting your system in safe mode and then running a scan with avast?    ???



hojc82

  • Guest
Re:Unable to get rid of it!
« Reply #7 on: May 31, 2004, 05:04:26 AM »
I'm using XP home, on ethernet modem.

With Zonealarm Free edition firewall.

Have used other software e.g. AVG, Trojan Hunter etc in safe mode and normal mode. no trojan found

However, used Adaware in safe mode. Found a "DSO exploit" which i deleted. however it gets back when i scan again

Right now, I can't do anything to this trojan with Avast at all

Can't even delete while in Safe mode

Max M.Wachtel III

  • Guest
Re:Unable to get rid of it!
« Reply #8 on: May 31, 2004, 06:13:24 AM »
hojc-
Go to House Call http://housecall.trendmicro.com/
Do an on-line scan
Post back with results
-max

hojc82

  • Guest
Re:Unable to get rid of it!
« Reply #9 on: May 31, 2004, 07:04:59 AM »
done....even tried symantec online scan and anti-vir PE

seems that only avast can detect this...but it doesn't clean it

Max M.Wachtel III

  • Guest
Re:Unable to get rid of it!
« Reply #10 on: May 31, 2004, 07:31:54 AM »
Try this:
Open a Command Prompt window and leave it open.

Close all open programs. Click Start -> Run and type "taskmgr"

Go to the Processes tab and End Process on "explorer.exe".

Leave Task Manager open. Go back to the Command Prompt window and change to the directory where the undeletable file is located.

At the command prompt type DEL <filename> where <filename> is the file you wish to delete.

Go back to Task Manager, click File -> New Task and type "explorer.exe" to restart the GUI shell.

Close Task Manager.

from T-Lab  http://v2.tlab404.com/articles/detail.asp?iFaq=260&iType=20

Hope it helps
-max

hojc82

  • Guest
Re:Unable to get rid of it!
« Reply #11 on: May 31, 2004, 08:11:23 AM »
cant....

i can't even find the file which avast reported to be infected....

i think it's either a false positive or a die-hard trojan..

Max M.Wachtel III

  • Guest
Re:Unable to get rid of it!
« Reply #12 on: May 31, 2004, 09:06:49 AM »
I found this on google, see: http://protools.anticrack.de/packers.htm#peshield

PE-SHiELD by ANAKiN [DaVinci]. 03.II.2000.
PE-SHiELD v0.25 (32K).

- Fixed a few little bugs on request and added some AD stuff.

PE-SHiELD is a program, which encrypts 32-bit Windows EXE files, leaving them still executable. The previous version was over a year in the wild and there is still no unpacker for it.

-max

hojc82

  • Guest
Re:Unable to get rid of it!
« Reply #13 on: May 31, 2004, 09:38:07 AM »
hmmm....i'm unable to identify the cause of the virus......


hojc82

  • Guest
Re:Unable to get rid of it!
« Reply #14 on: May 31, 2004, 09:50:58 AM »
i tried decrypting it....no luck there...