TechSpot

W32/sdbot.worm.ftp removal

By GeorgesAbouRizk
Jun 28, 2007
  1. When I suggested launching to stinger on the server, the client told me there was a virus on his system and he removed it with stinger .The virus called
    W32/sdbot.worm.ftp

    And when the public IP is connected after 3 or 4 hours the virus returns on his server. So he must launch the stinger every day twice to remove the virus. He also notice the virus create a file named “ I “ under system32 folder and every time he delete it. After 3 or 4 hours the file “ I “ appear again

    The problem now that we cannot use the stinger anymore even on safe mode, when I tried to launch the stinger I received this message: Stinger maybe infected cannot continue,

    It seams the virus blocked to stinger,

    He installed the Vasta antivirus and he receives a message “dangerous u can’t continue “so he stopped all the services related to Vasta.

    Now could u please help me to remove this virus completely from the system without reaffecting it again? What do you suggest?

    Do you have any idea why the stinger is infected? Is there another tool can remove this virus
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi GeorgesAbouRizk and welcome to techspot. =)

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan


    Regards,
    Your friendly momok =)

    This thread is for the use of GeorgesAbouRizk only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...