Hi, I downloaded and ran Avast 4.7 for the first time yesterday, and it detected the Win32:Sdbot-gen28 virus. The dialog box recommended I remove the virus to the chest, which I did. The chest now shows five things:
kernel32.dll, winsock.dll, and wsock32.dll, all in C:/WINDOWS/System32
Virscan9.dat (it shows two in there). These are both Win32:SdBot-gen28.
I have done some looking online but as I’m not particularly software-savvy, there is an intense learning curve. I’m not sure what to do next but I have some questions.
Should I just leave them in the chest and not worry about it? Are they unable to do any more harm there?
Should I disable system restore if possible and then run the scan and/or a virus cleaner while it is disabled?
Should I change all my passwords to my email accounts, bank, PayPal, etc.?
Should I download any other programs like adware or spyware to prevent or clean this virus?
There are probably other questions I don’t even know to ask. I would really appreciate any help anyone can give.
Take note that these files are in the System folder of the Chest.
They’re there for backup purposes and they’re clean.
They can’t do harm if they’re in the Chest. Don’t worry.
One or two weeks from now, right-click them in the Chest and rescan them. If they come back as infected, you can delete them. This is done to avoid false detection and direct deletion of the files.
You don’t have to do it, but you can.
Disabling system restore will delete restore points, infected and clean ones. Infected files (if any) won’t be detected there as the files are deleted.
I don’t think it’s necessary.
Most probably not. avast has done its job.
But I suggest you use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Virscan9.dat (it shows two in there). These are both Win32:SdBot-gen28.
What was the location of the detection?
Have you got another anti-virus on your system or have you done an on-line scan?
The reason I ask is the file name looks suspiciously like it is a virus signature file (which is not encrypted) and avast is detecting the signatures inside it.