Win32:SdBot-194-B [Trj]
C:\WINDOWS\system32\mssvc32.exe[PeShield]
could someone pls help???
Win32:SdBot-194-B [Trj]
C:\WINDOWS\system32\mssvc32.exe[PeShield]
could someone pls help???
i cant delete it, repair or move it!
Please, read:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=37263
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=12411
u mean avast cant get rid of it?
No, I didn’t. I just try to help you to get rid from it.
That sites have informations that you could follow.
Did you scan your system with avast?
Does your avast installation is updated?
yes…i’ve updated everything i could
To get the appropriate help. you should give more information about your computer system … OS, etc. :
Have you tried starting your sustem in safe mode and then running a scan with avast? ???
I’m using XP home, on ethernet modem.
With Zonealarm Free edition firewall.
Have used other software e.g. AVG, Trojan Hunter etc in safe mode and normal mode. no trojan found
However, used Adaware in safe mode. Found a “DSO exploit” which i deleted. however it gets back when i scan aGain
Right now, I can’t do anything to this trojan with Avast at all
Can’t even delete while in Safe mode
hojc-
Go to House Call http://housecall.trendmicro.com/
Do a on-line scan
Post back with results
-max
done…even tried symantec online scan and anti-vir PE
seems that only avast can detect this…but it doesn’t clean it
Try this:
Open a Command Prompt window and leave it open.
Close all open programs. Click Start → Run and type “taskmgr”
Go to the Processes tab and End Process on “explorer.exe”.
Leave Task Manager open. Go back to the Command Prompt window and change to the directory where the undeletable file is located in.
At the command prompt type DEL where is the file you wish to delete.
Go back to Task Manager, click File → New Task and type “explorer.exe” to restart the GUI shell.
Close Task Manager.
from T-Lab http://v2.tlab404.com/articles/detail.asp?iFaq=260&iType=20
Hope it helps
-max
cant…
i cant even find e file which avast reported to be infected…
i think it’s either a false positive or a die-hard trojan…
I found this on google see:http://protools.anticrack.de/packers.htm#peshield
PE-SHiELD by ANAKiN [DaVinci]. 03.II.2000.
PE-SHiELD v0.25 (32K).
PE-SHiELD is a program, which encrypts 32-bit Windows EXE files, leaving them still executable. The previous version was over a year in the wild and there is still no unpacker for it.
-max
hmmm…i’m unable to identify e cause of e virus…
i tried decryting it…no luck there…
this might help but i dought it http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59352&VName=WORM_AGOBOT.DZ
it does say its another virus and infects mssvc32.exe as well
or creats mssvc32.exe