Win32:SdBot-2969

Avast has found four of these files mentioned in the subject, all in Windows\system32. The end of the file name has eraseme_73888.exe (all four have different numbers in the filename). I’ve searched all the antivirus sites, I’ve dogpiled it…I can’t find anything to tell me anything about this thing! Can anyone here help?

Seems a randomic file (infection) that keeps coming and coming…

I suggest:

  1. Disable System Restore (enable it at the end of scanning/cleaning):
    Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
    Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

  2. If you have XP: Schedule a boot time scanning (Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot).
    If you have Windows 98\Me: boot in SafeMode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

  3. A full scanning with avast, Ad-aware, SpyBot and Microsoft Antispyware :wink:

:smiley: Thank you! None of the programs found anything, I suppose because I had moved the files to the virus chest, but Avast hasn’t found anymore of them either so that’s good :slight_smile: Do you think it’s ok if I just leave them in the chest and not mess with it?

You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, they can’t do any harm there. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.