W32/Sdbot.worm.gen.h ???

Discussion in 'malware problems & news' started by Decapad, Jan 12, 2006.

Thread Status:
Not open for further replies.
  1. Decapad

    Decapad Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    188
    Hi - I have been getting a recurring worm, the W32/Sdbot.worm.gen.h, which is only detected by the Mcafee online scanner(of the several I use). It shows the infected file name as: E:\WINDOWS\system32\l074.exe But no matter what I do to find it(tracing the folders, search, safe mode, show hidden files, etc..) I come up empty. Can't seem to find it. Any ideas? Many thanks, Deca
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  3. Decapad

    Decapad Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    188
    Hi TopperID, Thank u for ur time & response. The Kaspersky, Symantec, Bit Defender & Trend Micro Online scanners all showed no infections. Of course the goofy Mcafee scanner does not remove the infection...(Hmmm) & The Stinger came up empty as well. Well I guess I should just hope it's one of those benign bugs that don't really do much damage!:doubt: Thanks again! D:thumb:
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If McAfee is the only scanner fingering the file, and you have no symptoms, I would say it could be a false alarm.

    There are ways of attempting to delete things when you have the file path but cannot access the file. One example being KillBox:-

    http://www.majorgeeks.com/download.php?det=4709

    You just enter the file path and set it to delete on reboot. But I really don't know whether it would be appropriate to use such a tool when you are not even certain you have a bad file. I would be inclined to leave things be for the moment and see how it shapes up.

    Maybe if you try the McAfee scanner at a later date, after it has updated, it will stop finding this thing?

    Edit - a thought has just occured (yes it happens:D ), did you set all those scanners you used to specifically scan your E Drive where this thing is said to reside?
     
  5. Decapad

    Decapad Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    188
    TopperID - U R DA MAN!!! This Killbox tool ripped that virus out by the roots!!!! I can not thank u enuf for knowing about that one! (Free to boot!) Oh yes - I did have the scanners set for the E drive when I did the scans...(v funny too:gack: ) All scans clean & green! Tx again, Deca;)
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Glad to hear you got rid of it. It's very frustrating the way these things can hide so you can't get at 'em - but l074.exe hardly sounds like a genuine system file, so good riddence...:D

    In fact, having read this, it's probably just as well you did get rid of it:-

    http://www.bleepingcomputer.com/startups/l074.exe-13881.html
     
  7. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    you could of tried avast
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.