Trojan horse IRC/BackDoor.SdBot.28.D

Discussion in 'malware problems & news' started by rebelyuz, Aug 1, 2004.

Thread Status:
Not open for further replies.
  1. rebelyuz

    rebelyuz Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    11
    I ran AVG and it detected Trojan horse IRC/BackDoor.SdBot.28.D in waumgrd.exe.
    At first it was a successful heal, and everything went well till the next day... I had a pop-up from AVG Resident Shield...

    Virus
    Trojan horse IRC/BackDoor.SdBot.28.D

    is found in file
    C:\System Volume Information\_restore{6e6B09CF-137C-42DF-AFD0-3A1AEC74CCBC}\RP29\A0005105.exe

    To remove this virus, please run AVG for Windows

    I tried running AVG (updated) again but it could not detect it. I tried Ad-aware and The Cleaner, and they still can't detect it. :'( Is there any way I could remove this? I need help, it's slowing down our internet connection; I had to turn off some of the PCs that have this virus just to get back the speed. I need help...

    thanks
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Ah, that file is simply stuck in the System Restore area. (AVG is very good at alerting about malware in that area, and it seems to alert pretty frequently, too. ;) )

    No anti-virus can clean entries from the System Restore area because it is protected by Windows. What you need to do is cycle System Restore, which will empty it out completely (including all old Restore Points) - deleting the bad files in the process. See this overview:

    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

    Basically turning it off and on again deletes all old restore points, including the malware trapped in there. That will stop the constant alerts from AVG's resident scanner.
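
Added example, not part of the original thread and not AVG's own logic: a small Python triage helper that separates a detection sitting in the System Restore store (the `_restore{GUID}\RPnn\Annnnnnn.exe` layout shown in the alert above) from a detection on a live file, and lists which restore points hold flagged copies. The `C:\EXAMPLE_DIR` directory is constructed for the sample; the thread gives only the file name `waumgrd.exe`.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Layout of a System Restore backup copy, as seen in the alert quoted in the thread:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_COPY = re.compile(
    r"^(?P<drive>[A-Z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}\\"
    r"RP(?P<rp>\d+)\\(?P<name>A\d+\.\w+)$",
    re.IGNORECASE,
)


class Triage(NamedTuple):
    path: str
    in_restore_store: bool
    restore_point: Optional[int]
    action: str


def triage(path: str) -> Triage:
    """Classify one path reported by an anti-virus alert."""
    m = RESTORE_COPY.match(path.strip())
    if m:
        # Backup copy protected by Windows: the scanner can flag it but not heal it.
        return Triage(path, True, int(m.group("rp")),
                      "cycle System Restore (off, then on), then rescan")
    # Anything else is treated as a live file the scanner can act on directly.
    return Triage(path, False, None, "heal or quarantine with the scanner")


def restore_points_with_detections(paths: Iterable[str]) -> List[int]:
    """Restore point numbers that contain at least one flagged copy."""
    return sorted({t.restore_point for t in map(triage, paths) if t.in_restore_store})


# Sample input: the first path is the one from the thread's alert,
# the second is constructed (only the file name comes from the thread).
ALERT_PATHS = [
    r"C:\System Volume Information\_restore{6e6B09CF-137C-42DF-AFD0-3A1AEC74CCBC}\RP29\A0005105.exe",
    r"C:\EXAMPLE_DIR\waumgrd.exe",
]

if __name__ == "__main__":
    for result in map(triage, ALERT_PATHS):
        print(result.path, "->", result.action)
    print("restore points holding flagged copies:",
          restore_points_with_detections(ALERT_PATHS))
```

A detection that only ever appears under a restore point path after a successful heal is a trapped backup copy; a detection that reappears on a live path after cleaning needs a fresh look at how the machine is being reinfected.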
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Rebel, turn off System Restore

    Right Click My Computer
    Properties
    System Restore

    Place a tick in Turn off System Restore.

    Reboot your PC into Safe Mode (press F8 while booting back up)

    Run a further scan with AVG

    Hope this helps...

    Cheers :D
     
  4. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    Now, how to be safe from future bot infections?

    First, most of these use vulnerabilities in Windows to spread. If you had one, it usually means that your operating system is not fully up to date, so immediately go to Windows Update and install those patches!

    Get firewalled. See this link for info on firewalls.

    Keep your antivirus updated.
     
  5. rebelyuz

    rebelyuz Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    11
    thanks guys! :D
     