Author Topic: Help Please....! I'm infected...!  (Read 5101 times)


Offline tangledwebster

  • Jr. Member
  • **
  • Posts: 21
Help Please....! I'm infected...!
« on: July 14, 2004, 11:51:35 PM »
Avast Pro Trial says that I'm infected with

             "win32:sdbot-542[trj]"

It also says it is unrepairable...?!


tangledwebster

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re:Help Please....! I'm infected...!
« Reply #1 on: July 14, 2004, 11:59:45 PM »
It is unrepairable because it is a trojan [trj], tangledwebster, which means there was no original file for it to infect, so it can't be repaired (put back to its original specs). It was placed on your computer as it is now and will either try to gather info about you, like passwords, firewall, OS, browser, and send them off, or it will try to give someone else (a hacker) control over your computer, so it is fine to delete it, I think.

This is the information I found on it: "Backdoor.Sdbot is a Backdoor Trojan Horse that allows the Trojan's creator to control a computer by using Internet Relay Chat (IRC). Backdoor.Sdbot can update itself by checking for newer versions over the Internet"
Hope this helps.

--lee
« Last Edit: July 15, 2004, 12:00:02 AM by lee16 »

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline techie101returns

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1900
Re:Help Please....! I'm infected...!
« Reply #2 on: July 15, 2004, 01:01:55 AM »
lee,

Tangledwebster is absolutely correct....

Ditch the thing and delete it.
Run a FULL Avast scan with the scanner set to Thorough and with Archives.

Also run an antispyware scan using something like Adaware or Spybot S and D.

You should then be ok.

Offline tangledwebster

  • Jr. Member
  • **
  • Posts: 21
Re:Help Please....! I'm infected...!
« Reply #3 on: July 15, 2004, 06:05:38 AM »
Why did avast allow the trojan in the first place...?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re:Help Please....! I'm infected...!
« Reply #4 on: July 15, 2004, 09:55:49 AM »
Well, it depends... where exactly (what file) was the worm detected?
Maybe it got on your computer before the detection of this worm was added?

Offline tangledwebster

  • Jr. Member
  • **
  • Posts: 21
Re:Help Please....! I'm infected...!
« Reply #5 on: July 15, 2004, 04:11:23 PM »
I want to explore this further...

Please elaborate....

I know the system was clean prior to installing avast.
I know avast needed to go online to do an update.
Is there another way to do updates without going online?

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:Help Please....! I'm infected...!
« Reply #6 on: July 15, 2004, 04:32:32 PM »

I know the system was clean prior to installing avast.


How do you know this ??
didn't you ever connect to the net before ?

the SDBOT was added to avast's database with VPS 0428-0, on 07.07.2004
and it sounds to me as it's a network aware Trojan/worm which spreads through security holes in unpatched/unsecured WINs

All this implies that you didn't apply all Windows Update patches before going online.. (or did so without a firewall)
or you used very weak passwords..

*

you can download updates from avast main page (on another PC), and install them

please answer the question as to where the virus was found: folder/filename !!

« Last Edit: July 15, 2004, 04:36:00 PM by whocares »

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re:Help Please....! I'm infected...!
« Reply #7 on: July 15, 2004, 04:34:27 PM »
Quote
lee,

Tangledwebster is absolutely correct....

Ditch the thing and delete it

This is what I said.......

Quote
I know the system was clean prior to installing avast

You can't be 100% sure of that, but if it is, then it is unfortunate that the trojan made it past the resident shield. It all depends what level it is on, i.e. high, medium or low, but unfortunately it is impossible for avast! to stop every virus/trojan from getting on your PC because they are created to fool AVs and firewalls (remember the battle of Troy when they used the Trojan horse, it's the same concept), but firewalls are more efficient at blocking viruses/trojans/malware.

Quote
I know avast needed to go online to do an update.
Is there another way to do updates without going online?

If there is, I would like to know how it is possible. You have to either auto update it, or you could manually download then install it to avast!, but I suppose you could download it at a friend's house and bring it to yours........

--lee
« Last Edit: July 15, 2004, 04:36:42 PM by lee16 »

Offline tangledwebster

  • Jr. Member
  • **
  • Posts: 21
Re:Help Please....! I'm infected...!
« Reply #8 on: July 15, 2004, 05:03:45 PM »
I'll provide the directory path as soon as I get back to that computer.  It's across town on a client's computer.

As for my confidence of whether or not the machine was clean prior to install....

System was restored to factory spec less connection online.

I installed Avast prior to connecting to the net.

I also a/v scanned the hdd w/Avast prior to the net via another machine.

No, I did not run windows updates or use a firewall prior to infections or going online.

I am not aware of a way to run windows updates without going online...i.e., a standalone update that I can download on another machine...?



Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:Help Please....! I'm infected...!
« Reply #9 on: July 15, 2004, 05:29:27 PM »

System was restored to factory spec less connection online.
I installed Avast prior to connecting to the net.
I also a/v scanned the hdd w/Avast prior to the net via another machine.
No, I did not run windows updates or use a firewall prior to infections or going online.


Hi,

sadly, nowadays that's not enough:
a network worm might/will infect you as soon as going online..
especially if your virus definitions are not totally up to date..
and even then: NO antivirus will detect everything

please read "VirusRemoval" below on how to set up a system properly by applying patches offline or behind a firewall
follow the advice on how to secure it better..

we need the path/location to decide whether the trojan was active on your PC, if so:
-->
if this machine contains confidential data, you should maybe format and set it up again. But at least change all the passwords !
also see the above link on backdoors..


 ;)

Offline tangledwebster

  • Jr. Member
  • **
  • Posts: 21
Re:Help Please....! I'm infected...!
« Reply #10 on: July 16, 2004, 04:40:07 AM »
ok, just got the path....

win.32sdBot-542[Trj]

c:\\wwnt\temp\tr2ll.tmp

I want to keep a file of these reports and do not see an option to save to file...?