Hello,
I’m in trouble with the Win32:SdBot-545 [trj].
The trojan is in the msconfg.exe file which is in the C:/windows/system32 folder.
I can remove the virus from my computer.
Avast cannot repair it.
I tried HijackThis, clean or (delete?).
But the trojan is always at startup…
Like the bad guy in “Friday the 13th”
If you need more help, come back here with more info…
The file msconfg.exe is not a Windows file; msconfig.exe is. What they are attempting to do is confuse you with a misspelling of a system file. This assumes that you haven’t mistyped the trojan name.
Firstly, make sure that you have updated Avast to the latest database. The virus you name, W32:sdbot-545, was included in the VPS 0432-1 for detection.
If you have an older database, then Avast will not be able to detect and remove it.
Secondly, once you have removed it…
if it comes back, then you have not eliminated the source that gave it to you in the first place.
As has been mentioned, IRC and file sharing are the most common ways that this trojan is spread.
Do you use Kazaa or any similar utility? What about music sharing?
Make sure that all Windows updates are downloaded and installed. Always reboot after the updates to get all your programs to “settle in” again.
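The misspelled-system-file trick described in the reply above (msconfg.exe posing as msconfig.exe) can be checked for mechanically. The following is an added example, not part of the original thread: it flags file names that are one edit away from a known system binary name without matching it exactly. The allowlist and sample paths are constructed, and `edit_distance` and `find_lookalikes` are hypothetical helper names.

```python
import re

# Constructed allowlist of well-known Windows binary names (not a full inventory).
KNOWN_BINARIES = {
    "msconfig.exe", "svchost.exe", "explorer.exe", "lsass.exe",
    "services.exe", "winlogon.exe", "csrss.exe", "rundll32.exe",
}

# Constructed sample paths; msconfg.exe is the name reported in this thread.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\msconfg.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap adjacent."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def find_lookalikes(paths, known=KNOWN_BINARIES, max_distance=1):
    """Return (name, resembles, distance) for names close to, but not in, the allowlist."""
    hits = []
    for path in paths:
        name = re.split(r"[\\/]", path)[-1].lower()  # basename, case-insensitive
        if name in known:
            continue  # exact match: a genuine system file name
        dist, nearest = min((edit_distance(name, k), k) for k in sorted(known))
        if dist <= max_distance:
            hits.append((name, nearest, dist))
    return hits

if __name__ == "__main__":
    for name, nearest, dist in find_lookalikes(SAMPLE_PATHS):
        print(f"{name}: resembles {nearest} (distance {dist})")
```

An exact name match only shows that the name is genuine; it says nothing about the file's contents or where it sits on disk.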
Well, I don’t have any P2P installed or IRC.
I just installed my system recently and I don’t use it. I just put Avast on first and it found this trojan in the msconfg.exe file. (That’s the real name, no error in it.)
I renamed and moved it. So the msconfg.exe in the c:/windows/system32 folder seems to be clean, but the renamed file in the avast/moved folder is still infected.
Avast detects it but doesn’t clean it.
I have the last database installed.
This is the HijackThis log report for my computer:
(I don’t really know how to use HijackThis, in fact.)
Logfile of HijackThis v1.98.0
Scan saved at 08:40:58, on 05/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)