W32/Sdbot.worm.gen.h ???

Discussion in 'malware problems & news' started by Decapad, Jan 12, 2006.

Thread Status:
Not open for further replies.
  1. Decapad
    Offline

    Decapad Registered Member

    Hi - I have been getting a recurring worm, the W32/Sdbot.worm.gen.h, which is only detected by the Mcafee online scanner(of the several I use). It shows the infected file name as: E:\WINDOWS\system32\l074.exe But no matter what I do to find it(tracing the folders, search, safe mode, show hidden files, etc..) I come up empty. Can't seem to find it. Any ideas? Many thanks, Deca
  2. TopperID
    Offline

    TopperID Registered Member

  3. Decapad
    Offline

    Decapad Registered Member

    Hi TopperID, Thank u for ur time & response. The Kaspersky, Symantec, Bit Defender & Trend Micro Online scanners all showed no infections. Of course the goofy Mcafee scanner does not remove the infection...(Hmmm) & The Stinger came up empty as well. Well I guess I should just hope it's one of those benign bugs that don't really do much damage!:doubt: Thanks again! D:thumb:
  4. TopperID
    Offline

    TopperID Registered Member

    If McAfee is the only scanner fingering the file, and you have no symptoms, I would say it could be a false alarm.

    There are ways of attempting to delete things when you have the file path but cannot access the file. One example being KillBox:-

    http://www.majorgeeks.com/download.php?det=4709

    You just enter the file path and set it to delete on reboot. But I really don't know whether it would be appropriate to use such a tool when you are not even certain you have a bad file. I would be inclined to leave things be for the moment and see how it shapes up.

    Maybe if you try the McAfee scanner at a later date, after it has updated, it will stop finding this thing?

    Edit - a thought has just occured (yes it happens:D ), did you set all those scanners you used to specifically scan your E Drive where this thing is said to reside?
  5. Decapad
    Offline

    Decapad Registered Member

    TopperID - U R DA MAN!!! This Killbox tool ripped that virus out by the roots!!!! I can not thank u enuf for knowing about that one! (Free to boot!) Oh yes - I did have the scanners set for the E drive when I did the scans...(v funny too:gack: ) All scans clean & green! Tx again, Deca;)
  6. TopperID
    Offline

    TopperID Registered Member

    Glad to hear you got rid of it. It's very frustrating the way these things can hide so you can't get at 'em - but l074.exe hardly sounds like a genuine system file, so good riddence...:D

    In fact, having read this, it's probably just as well you did get rid of it:-

    http://www.bleepingcomputer.com/startups/l074.exe-13881.html
  7. metallicakid15
    Offline

    metallicakid15 Registered Member

    you could of tried avast
Thread Status:
Not open for further replies.