W32/Sdbot.worm.gen.o not detected by Avast?!?

Viruses and worms
1

I started noticing my machine was infected because my regedit closes immediately when I try to launch it. I’ve had Avast active all the time, and a scan of my harddisk found no virusses.
However, when I ran McAfee’s Stinger, it found two files from the W32/Sdbot.worm.gen.o virus. According to McAfee’s website, this virus has been known since 04/10/2003. Even a specific directory scan with Avast turned up nothing. How is it possible Avast doesn’t recognize it???

My configuration:

  • Windows XP Pro SP1
  • Avast Home Edition 4.1.396 (Apr2004)
  • VPS file version 0423-1 (02.06.2004)
  • McAfee Stinger 2.2.7 (5/18/2004)
2

Send the sample to virus@asw.cz

3

Okay, did that. VERY disappointed that Avast apparently doesn’t know this virus!

4

It happens since SdBot has a quiet huge family. Since its a worm it doesn’t do any damage like real viruses that reformat your disk or something like that. If the file you send is confirmed to be a worm,then avast! will be able to clean it after next VPS update. No worries :slight_smile:

5

No “physical” harm was done, but not being able to use the registry editor has caused some problems over the last weeks, and according to McAfee’s information, my computer was open to anyone who is able to control this virus…
Anyway, I hope you will be able to include this virus soon.

6

Use firewall. There are some fine free firewalls. With them you can block any program that looks suspicious (e.g. program with name sdjkhdg536.exe is most probably not a good program since no “clean” program use such name).

7

As i posted in another post : if you have windows XP

There is only 1 way to fix a virus in System Volume Information

To get into system volume information :

Go into system restore, to the left, click “system restore settings” and turn system restore off. Press apply. This will purge all of system restore, restart the PC, and then you should hopefully be able to turn it back on

This is a protected folder for System Restrore, and that is the only was to delete it, You will lose all your checkpoints as it will delete them all. However as soon as you have restarted the PC you should be able to turn it on

As I said before, this is the only way to delete system volume info files, trying to delete them using other methods might cause damage.
If you have windows ME i suggest you follow this link :
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q263455

It worked for me but had to unplug pc replug to get it started
:slight_smile:

8

No worries, I already turned off System Restore a long time ago. I never use it, and it takes lots of diskspace… :wink: