please help with a virus problem?

Running AVG on my Windows ME (insert joke here) it finally found a virus it couldn't fix. Virus found is IRC/BackDoor.SdBot
I've tried the online scan with Trend Micro and it found it as well. The infected file is C:\WINDOWS\SYSTEM\SYS32AB.EXE

Apparently the system file is always in use and the only other time I tried to tinker with a system file resulted in a hard drive reformatting.
I was just wondering if this file is possible to fix or replace by a fairly novice operator.

 

Well, first do a Ctrl+Alt+Delete and see if the file is running, if it is, shut it down, attempt to repair it, or maybe one of the Antvirus sites has a removal tool? I'm not too sure, if you're running AVG, how did you get it in the first place? mine stopped it from infecting me, with my 9/11/03 update also, if its not in Ctrl+Alt+Delete, go to http://www.sysinternals.com/ntw2k/freeware/procexp.shtml and download Process Explore, run that, see if its running, if it is, kill the process as stated before, and try to repair.. Sorry, I'm a relative n00bie myself at this stuff, but getitng better everyday, I do however know a little bit more about viruses and stuff then firewalls

 

Thanks Comp01... That sysinternals proggie is pretty neat. I had tried several start up and shut down programs, but none of them could find that particular system file.
My last update with AVG was on the first of the month. On a dial-up connection, I check for updates manually, usually once a week. (maybe more often now...)

Anyhow, after killing the process AVG could place the infected file in its' "virus vault" so hopefully that will be the end of the problem.

Thanks again

 

Since you're on win ME make sue when you're clean, to disable sysetm restore, reboot, check if you're still clean, enable system restore, make manually a new restore point, you might like to reboot and check if that new point works properly before continuing happy on your clean system.
Spybots are more in the trojan area then in viruses, in my opinion
If you look at the Diamondcs site you'll find in the free tools the AutostartViewer, which enables you to look and kill processes and their registry keys. You might like to give that a try too.

 

Where do you want your joke in that line?
This last major worm outbreak didn't touch your machine. This RPC-DCOM vulnerability only affects Windows NT+ systems (although there's a SecurityFocus report (although undocumented) indicating otherwise...

 

Thanks for the reminder about the system restore.

The infection seemed a lot more characteristic of a Trojan to me also, but my trojan remover didn't even pick up a problem...

I'm still not even sure if it was picked up via e-mail or scripting. I usually don't even open mail unless I know the sender, and haven't opened anything at all for a good while. Due to fantasy football season I've been doing a lot of surfing and downloading using med. security (active x enabled) which is why I think it might have been a a script.

The Win ME OS works fine for my purposes (graphics, music, and games), but it seems that techies in general have nothing but scorn for it. Something about no access to DOS really seems to aggravate programmers. Thus the (insert joke here) line.

Thanks again guys...