Avast Pro Trial says that I’m infected with
"win32:sdbot-542[trj]"
It also says it is unrepairable…?!
tangledwebster
Avast Pro Trial says that I’m infected with
"win32:sdbot-542[trj]"
It also says it is unrepairable…?!
tangledwebster
It is unrepairable because it is a trojan [trj] tangledwebster, which means there was no origional file for it to infect, so it can’t be repaired (put to its origional specs), it was placed on your computer as it is now and will either try to gather info about you like passwords, firewall, OS, browser and send them off or it wil try to give someone else (a hacker) control over your computer, so it is fine to deleat it i think.
This is the infomaion i found on it “Backdoor.Sdbot is a Backdoor Trojan Horse that allows the Trojan’s creator to control a computer by using Internet Relay Chat (IRC). Backdoor.Sdbot can update itself by checking for newer versions over the Internet”
hope this helps.
–lee
lee,
Tanglewebster is absolutetly correct…
Dtich the thing and delete it.
Run a FULL Avast scan with the scanner set to Thorough and with Archives.
Also run an antispyware scan using something like Adaware of Spybot S and D.
You should then be ok.
Why did avast allow the trojan in the first place…?
Well, it depends… where exactly (what file) was the worm detected?
Maybe it got on your computer before the detection of this worm was added?
I want to explore this further…
Please eloborate…
I know the sytstem was clean prior to intalll avast.
I know avast needed to go online to do an update.
Is their another way to do updates without going online?
How do you know this ??
didn’t you ever connect to the net before ?
the SDBOT was added to avast’s database with VPS 0428-0, on 07.07.2004
and it sounds to me as it’s a network aware Trojan/worm which spreads through security holes in unpatched/unsecured WINs
Al this implies that you didn’t apply all Windowsupdates patches, before going online… (or did so without a firewall)
or you usd very weak passwords…
you can download updates from avast main page (on another PC), and install them
please answer the question as to where the virus was found: folder/filename !!
lee,Tanglewebster is absolutetly correct…
Dtich the thing and delete it
This is what i said…
I know the sytstem was clean prior to intalll avast
you can’t be 100% sure of that, but if it is then it is unfortanate that the trojan made it past the resident shild, it all depends what level it is on i.e. high, medium or low, but unfortanatly it is imposible for avast! to stop every virus/trojan from getting on your pc because they are created to fool AV’s and firewalls, (remember the battle of troy when they used the trojan hourse, its the same concept), but firewalls are more efficent on blocking viruses/trojans/malware.
I know avast needed to go online to do an update. Is their another way to do updates without going online?
If there is i would like to no how it is posible, you have to either auto update it, or you could manuly download then install it to avast!, but i suppose you could download it at a freinds house and bring it to yours…
–lee
I’ll provide the directory path as soon as I get back to that computer. It’s accross town on a client’s computer.
As for my confidence of whether or not the machine was clean prior to installl…
System was restored to factorory spec less connection online.
I installed Avast prior to connecting to the net.
I also a\v scanned the hdd w/Avast prior to the net via another machine.
No, I did not run windows updates or use a firewall prior to infections or going online.
I am not aware of a way to rud windows updates without going online…i.e., a standalone update that I can download on anoter machine…?
Hi,
sadly, nowadays that’s not enough:
a network worm might/will infect you as soon as going online…
especially if your virus definitions are not totally uptodate…
and even then: NO antivirus will detect everything
please read “VirusRemoval” below on how to set up a system properly by applying patches offlien or behind a firewall
follow the advice on how to secure it better…
we need the path/location to decide whether the trojan was active on your PC, if so:
→
if this machine contains confidential data, you should maybe format and set it up again. But at least change all the passwords !
also see the above link on backdoors…
ok, just got the path…
win.32sdBot-542[Trj]
c:\wwnt\temp\tr2ll.tmp
I want to keep a file of these reports and do not see an option to save to file…?