virus removal: Backdoor.Sdbot (Trojan) 

I have just installed Norton Antivirus 2003 on my XP Home
and it has found the virus Backdoor.Sdbot located in the
file C:\WINDOWS\System32\config32.exe.

The Norton software is not able to fix, quarantine, or
delete this virus.  The instructions Norton's site offers
for removal say to delete the files but that's not
possible.  Doesn't say what to do if they're not
deletable.

Would someone please tell me how to remove or at least
disable this virus?  

Thanks.



Sun, 03 Jul 2005 06:56:05 GMT  

Could be a false alarm.  If this trojan is described as being not very
common in the wild, I would suspect a false alarm.  Mentioning the file name
could also help tell us if it is a false alarm.

If you can't delete the files, that could be because the trojan is running,
so that it is in memory and is protected from deletion by Windows itself.
CTRL-ALT-DEL, task manager, End task could possibly remove the virus from
memory.  Once that is done, I would advise letting Norton remove it, as just
deleting it would leave pointers to the trojan in your startup files,
causing errors whenever you boot up.


Quote:
> I have just installed Norton Antivirus 2003 on my XP Home
> and it has found the virus Backdoor.Sdbot located in the
> file C:\WINDOWS\System32\config32.exe.

> The Norton software is not able to fix, quarantine, or
> delete this virus.  The instructions Norton's site offers
> for removal say to delete the files but that's not
> possible.  Doesn't say what to do if they're not
> deletable.

> Would someone please tell me how to remove or at least
> disable this virus?

> Thanks.



Sun, 03 Jul 2005 10:21:26 GMT  
This isn't an XP system file.

I'd recommend restarting in safe mode--you should then be able to delete it,
I believe.


Quote:
> I have just installed Norton Antivirus 2003 on my XP Home
> and it has found the virus Backdoor.Sdbot located in the
> file C:\WINDOWS\System32\config32.exe.

> The Norton software is not able to fix, quarantine, or
> delete this virus.  The instructions Norton's site offers
> for removal say to delete the files but that's not
> possible.  Doesn't say what to do if they're not
> deletable.

> Would someone please tell me how to remove or at least
> disable this virus?

> Thanks.



Mon, 04 Jul 2005 00:55:40 GMT  


| This isn't an XP system file.
|
| I'd recommend restarting in safe mode--you should then be able to delete it,
| I believe.

Rather than indefinitely delete it, I'd prefer to change its name from
"config32.exe"  to  "config32.exe.ORG"  [as for "original"]
You're sure to have disabled its executability this way.
Once deleted it's gone and you can't get it back if in any case you need to.
Nor can it be investigated for further analysis if you'd ever feel the
compelling urge to.

Bob A. Schelfhout Aubertijn

==================================================
Please reply to the newsgroup only so that others can learn from this issue.
This message is provided "as is", with absolutely no warranties.
==================================================



Mon, 04 Jul 2005 01:44:36 GMT  
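The two suggestions in the replies above (rename the file instead of deleting it, and watch for startup entries that still point at it) can be combined in one small script. This is an added example, not something posted in the thread; the function names, the JSON sidecar record and the sample autorun entries are constructed for illustration.

```python
import hashlib, json, ntpath, os, re, tempfile

def quarantine(path, suffix=".ORG"):
    """Rename a suspect file instead of deleting it, keeping a hash record."""
    with open(path, "rb") as f:
        data = f.read()
    dest = path + suffix
    if os.path.exists(dest):                 # never overwrite an earlier sample
        raise FileExistsError(dest)
    os.rename(path, dest)
    record = {"original": path, "quarantined": dest, "size": len(data),
              "sha256": hashlib.sha256(data).hexdigest()}
    with open(dest + ".json", "w") as f:     # sidecar note for later analysis
        json.dump(record, f, indent=2)
    return record

def stale_autoruns(entries, original_path):
    """Names of startup entries whose command still launches the old file name."""
    target = re.escape(ntpath.basename(original_path).lower())
    # Match the file name as a whole path component, quoted or not, so that
    # "config32.exe.ORG" or "myconfig32.exe" do not count as hits.
    pattern = re.compile(r'(?:^|[\\/" ])' + target + r'(?:$|[" ])')
    return sorted(n for n, cmd in entries.items() if pattern.search(cmd.lower()))

# Constructed sample of startup entries (value name -> command line), in the
# shape they would have after being exported from the Run keys.
SAMPLE_AUTORUNS = {
    "ExampleLoader": r"C:\WINDOWS\System32\config32.exe",
    "ExampleLoaderQuoted": r'"C:\WINDOWS\System32\config32.exe" -start',
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "AlreadyRenamed": r"C:\WINDOWS\System32\config32.exe.ORG",
}

if __name__ == "__main__":
    # Harmless stand-in file so the demo runs anywhere.
    suspect = os.path.join(tempfile.mkdtemp(), "config32.exe")
    with open(suspect, "wb") as f:
        f.write(b"constructed sample, not malware")
    print(json.dumps(quarantine(suspect), indent=2))
    print("entries to clean up:",
          stale_autoruns(SAMPLE_AUTORUNS, r"C:\WINDOWS\System32\config32.exe"))
```

The recorded SHA-256 lets the renamed file be identified later without opening it again, and the list of stale entries shows which startup values would otherwise produce errors at boot.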
Excellent point!



Quote:



> | This isn't an XP system file.
> |
> | I'd recommend restarting in safe mode--you should then be able to delete it,
> | I believe.

> Rather than indefinitely delete it, I'd prefer to change its name from
> "config32.exe"  to  "config32.exe.ORG"  [as for "original"]
> You're sure to have disabled its executability this way.
> Once deleted it's gone and you can't get it back if in any case you need to.
> Nor can it be investigated for further analysis if you'd ever feel the
> compelling urge to.

> Bob A. Schelfhout Aubertijn

> ==================================================
> Please reply to the newsgroup only so that others can learn from this issue.
> This message is provided "as is", with absolutely no warranties.
> ==================================================



Mon, 04 Jul 2005 12:54:39 GMT  
 