Need help disposing of SdBot194-B

Dear Forum:

Avast is a fantastic anti-virus program. Over the past few days I have cleaned about 400 infected files on a Dell Dimension 1100 notebook computer. All have been quarantined, deleted, moved, or otherwise disabled, except for one or two that reside in memory.

Dell Dimension 1100 Notebook
OS Windows XP SP1 (I will upgrade to SP2 after viruses are gone!)
128 MB RAM

Avast! 4.6 home version
Malware Name: Win32:SdBot-194-B
Malware Type: Trojan
VPS Version: 0534-1, 08/23/2005
File Name: C:\WINDOWS\System32\msconfig.exe[UPX]
Available Action: Move, Rename, Delete
Recommended Action: Move to chest

Actions taken: I clicked on the NO ACTION button.

The virus remains constant throughout repeated runs using Avast, online virus checkers, etc. I followed your advice (in other posts) and rescanned the HD using the boot scan. Each time I did, the same virus showed up. The Avast scan running in the background also found the same virus.

After the boot scan, I tried the REPAIR option, and received repair error 42060. When I tried to MOVE it to the chest or DELETE it, I received this warning:

“File is in Windows folder; are you sure? 1-yes, 2-yes all, 3-no, ESC Exit.”

That’s my problem, I am not sure, so I took no further action.

This virus is very active and I want it dead! The problem here is that the infected file is in Windows. If I delete, move, or repair the file I might lose the use of Msconfig or in other ways interrupt the Windows OS.

What is the best course of action to eliminate this virus without destroying my OS?

Thanks

Trojan Hearse

Check it against Jotti, but I don’t have that file in system32 folder and it is likely to be a virus. Many viruses place themselves in the Windows folder to deceive you and to have Windows protect them (good ehh).

Check the offending/suspect file at: Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If confirmed as infected by multiple scanners, then you can also schedule a boot-time scan from within avast! That way the file won’t be in use.

I also suggest you pay an urgent visit to Windows Update as your OS is well out of date and vulnerable. Once you have updated your OS you will also be able to get the IE 6 SP2 update.