Unable to get rid of it!

Win32:SdBot-194-B [Trj]
C:\WINDOWS\system32\mssvc32.exe[PeShield]

could someone pls help???

I can't delete it, repair or move it!

Please, read:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=37263
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=12411

You mean avast can't get rid of it?

No, I didn’t. I am just trying to help you get rid of it.
Those sites have information that you could follow.

Did you scan your system with avast?
Is your avast installation updated?

yes…i’ve updated everything i could

To get the appropriate help, you should give more information about your computer system … OS, etc.

Have you tried starting your system in safe mode and then running a scan with avast?

I’m using XP home, on ethernet modem.

With Zonealarm Free edition firewall.

Have used other software e.g. AVG, Trojan Hunter etc in safe mode and normal mode. no trojan found

However, used Adaware in safe mode. Found a “DSO exploit” which I deleted. However, it gets back when I scan again.

Right now, I can’t do anything to this trojan with Avast at all

Can’t even delete while in Safe mode

hojc-
Go to House Call http://housecall.trendmicro.com/
Do an on-line scan
Post back with results
-max

done…even tried symantec online scan and anti-vir PE

seems that only avast can detect this…but it doesn’t clean it

Try this:
Open a Command Prompt window and leave it open.

Close all open programs. Click Start → Run and type “taskmgr”

Go to the Processes tab and End Process on “explorer.exe”.

Leave Task Manager open. Go back to the Command Prompt window and change to the directory where the undeletable file is located.

At the command prompt type DEL <filename> where <filename> is the file you wish to delete.

Go back to Task Manager, click File → New Task and type “explorer.exe” to restart the GUI shell.

Close Task Manager.

from T-Lab http://v2.tlab404.com/articles/detail.asp?iFaq=260&iType=20

Hope it helps
-max

can't…

I can't even find the file which avast reported to be infected…

I think it’s either a false positive or a die-hard trojan…

I found this on google, see: http://protools.anticrack.de/packers.htm#peshield

PE-SHiELD by ANAKiN [DaVinci]. 03.II.2000.
PE-SHiELD v0.25 (32K).

  • Fixed a few little bugs on request and added some AD stuff.

PE-SHiELD is a program, which encrypts 32-bit Windows EXE files, leaving them still executable. The previous version was over a year in the wild and there is still no unpacker for it.

-max

hmmm…I’m unable to identify the cause of the virus…

I tried decrypting it…no luck there…

This might help but I doubt it: http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59352&VName=WORM_AGOBOT.DZ

It does say it's another virus and infects mssvc32.exe as well
or creates mssvc32.exe