system
1
Win32:Sdbot-g12
Win95:Matyas
Win31:Kuang2
Win32:DyfunDldr
Avast keeps finding these viruses and it won’t repair them, so I just placed them in the chest. I downloaded the virus cleaner and it didn’t find anything.
Mac
2
igor0
3
What files were these viruses detected in?
system
4
This is the best way I know how to give you all the information. I copied the xml file in the chest and pasted it here.
<?xml version="1.0" encoding="UTF-8" ?>
0000000E
00000001 | 960498000 | kernel32.dll | C:\WINDOWS\SYSTEM | System | 1068596954 | 536576
00000002 | 1036551338 | wsock32.dll | C:\WINDOWS\SYSTEM | System | 1068596956 | 36864
00000003 | 960498000 | command.com | C: | System | 1068596957 | 93040
00000004 | 1067581274 | cln4066.TMP | c:\WINDOWS\TEMP | Win32:DyfucDldr [Trj] | Vir | yes | 1068597354 | 69632
00000005 | 1068655928 | trz4062.TMP | c:\WINDOWS\TEMP | Win32:DyfucDldr [Trj] | Vir | yes | 1068642741 | 69632
00000006 | 1068656056 | trz60E3.TMP | c:\WINDOWS\TEMP | Win32:DyfucDldr [Trj] | Vir | yes | 1068642747 | 69632
00000007 | 1068613136 | Folders.dbx | c:\WINDOWS\Application Data\Identities\{94C2B5C9-26A8-4F76-B240-5D5F6ECF8C0B}\Microsoft\Outlook Express | Win32:DyfucDldr [Trj] | Vir | yes | 1068642787 | 74720
00000008 | 1068658846 | pavdll.dll | c:\My Documents\padmin.exe | Win32:Kuang2 | Vir | no | 1068644477 | 1179648
00000009 | 1068658882 | pav.sig | c:\My Documents\padmin.exe | Win95:Matyas | Vir | no | 1068644514 | 3125710
0000000A | 960498000 | wsock32.dll | C:\WINDOWS\SYSTEM | System | 1068654750 | 36864
0000000B | 1070344190 | [UPX] | c:\WINDOWS\TEMP\_avast4_\unp23682 | Win32:SdBot-g12 [Trj] | Vir | no | 1070329790 | 1106432
0000000C | 1070342328 | trz22C5.TMP | c:\WINDOWS\TEMP | Win32:SdBot-g12 [Trj] | Vir | yes | 1070329806 | 1106432
0000000D | 1068282856 | dbplugin.exe | c:\WINDOWS | Win32:SdBot-g12 [Trj] | Vir | yes | 1070330192 | 261120
system
5
I went to microtrend and did their scan and it didn’t find any viruses. Does this mean that avast is giving me false readings? I noticed that avast scans files on my hard drive that don’t seem to exist. Like in the _restore folder, it scans some thousands of folders, but when I look at that folder in Windows Explorer, there are only 4 files.
igor0
6
Those two pav* files are really false alarms in Panda Antivirus tool caused by Panda storing unencrypted virus samples inside.
The Sd-Bots may be real…
Mac
7
igor, sdbots ARE detected by trend. I think there IS a possibility these are false positives.
igor0
8
I didn’t say they aren’t… just there are so many sdbots, it’s easily possible that some of them are missed by some antiviruses (avast included).
Anyway, it’s always possible to send the files from the Chest to Alwil Software for analysis (preferably with some info/comments on the possible false positive in the e-mail).