Ok i picked up this virus a couple days ago, seems to have something to do with trojan horse irc/backdoor sdbot2.rpn which avast can detect but it seems to be self repaireing or something and avast cant catch this thing in the act of reactivating. every time i run avast it finds a file or two that are infected usually a different name but frequently one by und[1].exe in one of the temp internet folders (which i have cleared out) heals two files this virus likes to infect (winmgrd.exe and waucult.exe both in the windows\system32 folder) and seems to be finished until i connect to the internet after rebooting. after co9nnecting to the internet the virus causes scvhost to suck up as much processing power as possible something which can only be compensated for by increasing the priority of processes being used in the taskmanager window, a band aid solution at best, i’ve run avast about a dozen times in the last 2 days and updated it and this thing still wont go away
P.S. something i forgot i tried to run avg in safemode (using windows XP service pack 1) but safemode has apparently been disabled, until i can find my bloody disk again and repair it
I suspect your problem is that Windows firewall is down when you reconnect. Make sure it is up before reconnecting, or preferably install a good third-party firewal such as Zone Alarm after a thorough cleaning offline and before reconnecting.
Here’s how to find Windows firewall in SP1:
http://www.geocities.com/dontsurfinthenude/firetut.htm
Here’s a solution to Safe Mode disabled by a virus:
http://www.castlecops.com/p879629-Help_A_virus_seemd_to_have_disabled_safe_mode.html
(Scroll down to Solitaire’s post which begins ‘I´ve got it fixed!’
thanks for the help finding someone with SP 1 for winxp will be difficult i only have xp because it’s an old disk and windows update hasnt brought me up any more service packs but windows fierewall seems to have stopped this thing from eating up all my processing power, i remember dealing with something like this a couple years ago back when i was using win 98 and i didnt know about avast, it took me 24 hours of rebooting renaming and deleting but i managed to cripple the virus manually. though it was in large part to the fact the virus used extensive numbers of .bat files and self extracting exe’s which allowed me to hunt down it’s main files and remove them manually.