Quickly Spreading AIM Worm/Virus

I haven’t yet figured out exactly what this virus is. I think it may be more along the lines of a spyware/adware program than anything else, but it reproduces so quickly that I suspect it may have worm tendencies.

It spreads using AOL Instant Messenger. It might use other programs but so far I can only follow it through AIM. It sends a copy of itself using a link asking people to click it.

EDIT: Link removed by moderator

That is a link to the program. Surprisingly, it’s hosted on a legitimate company’s website, narprail.org. I have dispatched an email to their customer service using their “Contact Us” form to inform them of this file. Hopefully it’s not their own tech guy hosting it.

Can anyone here help me figure out how to tell my contacts about how to remove this program? I am currently not infected because I see these types of things all the time and I know how to avoid them. However, neither avast nor adaware recognizes this file as dangerous, so I don’t know how to clean it off an infected system.

Can anyone help?

After a bit more prodding, I have discovered this file to be a backdoor file. Here are the names of it according to the different virus lab companies.

Win32.Slinbot.UG [Computer Associates], Backdoor.Win32.SdBot.gen [Kaspersky Lab], W32/Sdbot.worm.gen.h [McAfee], W32/Sdbot-Fam [Sophos], WORM_SDBOT.GEN [Trend Micro]

However, avast does not recognize this file as dangerous and therefore, my life is so much harder to get rid of it! :slight_smile:

Anyone know any good, safe way? Or could someone make a virus cleaner specifically for this virus?

F-Secure provides the special disinfection utility to eliminate WootBot backdoor infection

http://www.f-secure.com/v-descs/wootbot.shtml

To Strygun: Can you send the file to Alwil for analysis and to include it into next virus database update? (virus (at) avast.com)
To Alwil: Could you protect us from this? :stuck_out_tongue:

Unfortunately I have already deleted this file. I found a stinger for this virus on McAfee’s website and used that. However, could you not get the information needed to defend against this worm from Symantec or McAfee?

Just search for Backdoor.Sdbot.

Info on Symantec: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ak.html