Author Topic: W32/Sdbot.worm.gen.o not detected by Avast?!?  (Read 5151 times)

pbb

  • Guest
W32/Sdbot.worm.gen.o not detected by Avast?!?
« on: June 04, 2004, 06:03:58 PM »
I started noticing my machine was infected because my regedit closes immediately when I try to launch it. I've had Avast active all the time, and a scan of my hard disk found no viruses.
However, when I ran McAfee's Stinger, it found two files from the W32/Sdbot.worm.gen.o virus. According to McAfee's website, this virus has been known since 04/10/2003. Even a specific directory scan with Avast turned up nothing. How is it possible Avast doesn't recognize it???

My configuration:
- Windows XP Pro SP1
- Avast Home Edition 4.1.396 (Apr2004)
- VPS file version 0423-1 (02.06.2004)
- McAfee Stinger 2.2.7 (5/18/2004)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9408
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:W32/Sdbot.worm.gen.o not detected by Avast?!?
« Reply #1 on: June 04, 2004, 07:03:40 PM »
Send the sample to virus@asw.cz
Visit my webpage Angry Sheep Blog

pbb

  • Guest
Re:W32/Sdbot.worm.gen.o not detected by Avast?!?
« Reply #2 on: June 04, 2004, 07:37:06 PM »
Okay, did that. VERY disappointed that Avast apparently doesn't know this virus!

Offline RejZoR

Re:W32/Sdbot.worm.gen.o not detected by Avast?!?
« Reply #3 on: June 04, 2004, 08:23:50 PM »
It happens since SdBot has quite a huge family. Since it's a worm, it doesn't do any damage like real viruses that reformat your disk or something like that. If the file you sent is confirmed to be a worm, then avast! will be able to clean it after the next VPS update. No worries :)

pbb

  • Guest
Re:W32/Sdbot.worm.gen.o not detected by Avast?!?
« Reply #4 on: June 04, 2004, 08:31:16 PM »
No "physical" harm was done, but not being able to use the registry editor has caused some problems over the last weeks, and according to McAfee's information, my computer was open to anyone who is able to control this virus...
Anyway, I hope you will be able to include this virus soon.

Offline RejZoR

Re:W32/Sdbot.worm.gen.o not detected by Avast?!?
« Reply #5 on: June 04, 2004, 08:47:34 PM »
Use a firewall. There are some fine free firewalls. With them you can block any program that looks suspicious (e.g. a program with the name sdjkhdg536.exe is most probably not a good program, since no "clean" program uses such a name).

seahorse

  • Guest
Re:W32/Sdbot.worm.gen.o not detected by Avast?!?
« Reply #6 on: June 05, 2004, 01:16:54 AM »
As I posted in another post: if you have Windows XP
 
There is only 1 way to fix a virus in System Volume Information
 
To get into system volume information :
 
Go into System Restore, to the left, click "System Restore Settings" and turn System Restore off. Press Apply. This will purge all of System Restore. Restart the PC, and then you should hopefully be able to turn it back on.
 
This is a protected folder for System Restore, and that is the only way to delete it. You will lose all your checkpoints, as it will delete them all. However, as soon as you have restarted the PC you should be able to turn it on.
 
As I said before, this is the only way to delete system volume info files, trying to delete them using other methods might cause damage.
If you have Windows ME, I suggest you follow this link:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q263455

It worked for me, but I had to unplug the PC and replug it to get it started
 :)

pbb

  • Guest
Re:W32/Sdbot.worm.gen.o not detected by Avast?!?
« Reply #7 on: June 05, 2004, 11:56:13 AM »
No worries, I already turned off System Restore a long time ago. I never use it, and it takes lots of disk space...  ;)