W32/Sdbot.worm.gen.h ???

Hi - I have been getting a recurring worm, the W32/Sdbot.worm.gen.h, which is only detected by the Mcafee online scanner(of the several I use). It shows the infected file name as: E:\WINDOWS\system32\l074.exe But no matter what I do to find it(tracing the folders, search, safe mode, show hidden files, etc..) I come up empty. Can't seem to find it. Any ideas? Many thanks, Deca

 

Won't the McAfee scanner clear the things it finds? If not you could always try Avert Stinger and see if that does the trick:-

http://vil.nai.com/vil/stinger/

It seems odd that only McAfee is finding the file, have you tried KAV:-

http://www.kaspersky.com/downloads/kws/kavwebscan.html

KAV won't clean it either, but at least it should confirm whether or not you have a problem file.

 

Hi TopperID, Thank u for ur time & response. The Kaspersky, Symantec, Bit Defender & Trend Micro Online scanners all showed no infections. Of course the goofy Mcafee scanner does not remove the infection...(Hmmm) & The Stinger came up empty as well. Well I guess I should just hope it's one of those benign bugs that don't really do much damage! Thanks again! D

 

If McAfee is the only scanner fingering the file, and you have no symptoms, I would say it could be a false alarm.

There are ways of attempting to delete things when you have the file path but cannot access the file. One example being KillBox:-

http://www.majorgeeks.com/download.php?det=4709

You just enter the file path and set it to delete on reboot. But I really don't know whether it would be appropriate to use such a tool when you are not even certain you have a bad file. I would be inclined to leave things be for the moment and see how it shapes up.

Maybe if you try the McAfee scanner at a later date, after it has updated, it will stop finding this thing?

Edit - a thought has just occured (yes it happens ), did you set all those scanners you used to specifically scan your E Drive where this thing is said to reside?

 

TopperID - U R DA MAN!!! This Killbox tool ripped that virus out by the roots!!!! I can not thank u enuf for knowing about that one! (Free to boot!) Oh yes - I did have the scanners set for the E drive when I did the scans...(v funny too ) All scans clean & green! Tx again, Deca

 

Glad to hear you got rid of it. It's very frustrating the way these things can hide so you can't get at 'em - but l074.exe hardly sounds like a genuine system file, so good riddence...

In fact, having read this, it's probably just as well you did get rid of it:-

http://www.bleepingcomputer.com/startups/l074.exe-13881.html

 

you could of tried avast