Win32:Sdbot-g12
Win95:Matyas
Win31:Kuang2
Win32:DyfunDldr
Avast keeps finding these viruses and it won’t repair them, so I just placed them in the chest. I downloaded the virus cleaner and it didn’t find anything.
What files were these viruses detected in?
This is the best way I know how to give you all the information. I copied the xml file in the chest and pasted it here.
<?xml version="1.0" encoding="UTF-8" ?>
- 0000000E
- 00000001 960498000 kernel32.dll C:\WINDOWS\SYSTEM System 1068596954 536576
- 00000002 1036551338 wsock32.dll C:\WINDOWS\SYSTEM System 1068596956 36864
- 00000003 960498000 command.com C: System 1068596957 93040
- 00000004 1067581274 cln4066.TMP c:\WINDOWS\TEMP Win32:DyfucDldr [Trj] Vir yes 1068597354 69632
- 00000005 1068655928 trz4062.TMP c:\WINDOWS\TEMP Win32:DyfucDldr [Trj] Vir yes 1068642741 69632
- 00000006 1068656056 trz60E3.TMP c:\WINDOWS\TEMP Win32:DyfucDldr [Trj] Vir yes 1068642747 69632
- 00000007 1068613136 Folders.dbx c:\WINDOWS\Application Data\Identities\{94C2B5C9-26A8-4F76-B240-5D5F6ECF8C0B}\Microsoft\Outlook Express Win32:DyfucDldr [Trj] Vir yes 1068642787 74720
- 00000008 1068658846 pavdll.dll c:\My Documents\padmin.exe Win32:Kuang2 Vir no 1068644477 1179648
- 00000009 1068658882 pav.sig c:\My Documents\padmin.exe Win95:Matyas Vir no 1068644514 3125710
- 0000000A 960498000 wsock32.dll C:\WINDOWS\SYSTEM System 1068654750 36864
- 0000000B 1070344190 [UPX] c:\WINDOWS\TEMP\_avast4_\unp23682 Win32:SdBot-g12 [Trj] Vir no 1070329790 1106432
- 0000000C 1070342328 trz22C5.TMP c:\WINDOWS\TEMP Win32:SdBot-g12 [Trj] Vir yes 1070329806 1106432
- 0000000D 1068282856 dbplugin.exe c:\WINDOWS Win32:SdBot-g12 [Trj] Vir yes 1070330192 261120
I went to microtrend and did their scan and it didn’t find any viruses. Does this mean that avast is giving me false readings? I noticed that avast scans files on my hard drive that don’t seem to exist, like in the _restore folder, it scans some thousands of folders, but when I look at that folder in windows explorer, there are only 4 files.
Those two pav* files are really false alarms in the Panda Antivirus tool, caused by Panda storing unencrypted virus samples inside.
The Sd-Bots may be real…
igor, sdbots ARE detected by trend. I think there IS a possibility these are false positives.
I didn’t say they aren’t… just there are so many sdbots, it’s easily possible that some of them are missed by some antiviruses (avast included).
Anyway, it’s always possible to send the files from the Chest to Alwil Software for analysis (preferably with some info/comments on the possible false positive in the e-mail).