PDA

View Full Version : Some Advise(please)*Red Highlight

hayc59
October 20th, 2003, 10:38 PM
Scan performed at: 10/20/03 19:29:53 PM******************
Scanning Log******************
NOD32 version 1.537 (20031020)******************
Operating memory - is OK******************
******************
date: 20.10.2003 time: 19:29:55******************
Scanned disks, directories and files: C:******************
C:\WINDOWS\WIN386.SWP - error opening (file locked) [4]******************
C:\WINDOWS\TEMP\JETCFC8.TMP - error opening (file locked) [4]******************
C:\Program Files\WinRAR\Default.SFX - Win32/IRC.SdBot.EC trojan******************
number of files scanned: 40156******************
number of viruses found: 1******************
time of termination: 19:34:15 total scanning time: 260 sec (00:04:20)******************
******************
Notes:******************
[4] File cannot be open. It is being exclusively used by another application or operating system.******************
******************
hayc59
October 20th, 2003, 10:40 PM
scanning with TrojanHunter/Ad-Aware
comes up clean??
any help would be nice.
unless its a falsey ;D
JPM
October 20th, 2003, 10:44 PM
I have seen a couple of people with this after todays update. I scanned my system with NOD32 and I show it as well on two files that I know are clean. I would say this is a false positive, as I also scanned with KAV, TDS-3 and have BOClean running resident and they show nothing out of the ordinary :) I think it will be fixed soon by ESET.
Q Section
October 21st, 2003, 12:19 AM
-{ Quote: " quoting: JPM link=board=39;threadid=15213;start=0#msg95100 date=1066704293] I think it will be fixed soon by ESET.
" }-

Hello hayc59

Looks like you have picked up a good one - although the threat level is rated low. This is a Backdoor trojan. BTW - you do run NOD32 do you not? This is found in the update for 20OCT03 NOD32 v.1.537.

This page has some information regarding sdbot code:http://www.theregister.co.uk/content/56/31480.html

Virus List has some more info here:
www.viruslist.com/eng/viruslist.html?id=51544 (http://www.viruslist.com/eng/viruslist.html?id=51544)

Best wishes and cleaning :)
sig
October 21st, 2003, 12:54 AM
As previously noted, given the number of similar reports here today after today's update, with other scanners showing OK, it may be a false positive. File appears to have been sent to ESET so perhaps tomorrow's update will correct it. Just a guess.
LowWaterMark
October 21st, 2003, 01:42 AM
Answer from Rod and further discussion over here:

http://www.wilderssecurity.com/showthread.php?t=15223