Can't get rid of virus: Win32:Sdbot-3239 major headache!

Dishman

Long story but now can do a normal XP boot but two error messages pop up about not finding a certain file. Disappears when closed but still have what I believe is the Win32:SdBot-3239 virus.

It really has control. It will not allow me to go to any on-line antivirus programs or updates. Simply goes to a "This page cannot be found" or to a "search" screen. Tried to download AVG but will not let you go to their homepage nor any round about route to it. Also the supplied Norton will not allow you to get "Live update". You cannot access the Symantec site. I managed to download Firefox and Opera browsers but get same problem trying to get to any sites via these.
Browsing Google got me little or no help... some forums talked about going into Registry and looking for certain telltale changes but none seem to be there in my PC so can't make any changes there. Other posts seem to indicate this virus came through MSN messenger and by accepting a picture file. Anyway I can't figure out what else to do. Any suggestions?
 
I have moved your thread to the correct forum :)

Go HERE and follow the instructions exactly.

Post a fresh HJT log as an attachment into this thread, only after doing the above.

Regards Howard :)

This thread is for the use of Dishman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks very much, Howard!
"Bug" would not allow access to any of the web sites for scans except last one suggested. This cleared up much of the problem and then could get the other scans performed. These have eliminated all the trouble. Have not gone beyond these steps as I'm still too "green" to comprehend a lot of the other steps but if trouble returns will have to try again later. Have installed SpyBot, Ad-aware and AVG and scanned with them as well. Thanks again for helping a newbie.... even a bit unsure how this "board" works and how / where to post as you can see, ha. Thanks once more :)
 
I`d still like you to post a HJT log, so I can check to see if your system is clean or not.

Go and read this thread HERE. Then post a HJT log into this thread.

Regards Howard :)

 
HJT logfile attachment

Here is the HJT logfile... hope I've done this correctly.
Let me know & Thanks! RE: "Can't get rid of virus...."
 

Your HJT log is clean.

However, I notice you`re running several antivirus programmes, Symantec/Norton, AntiVir PersonalEdition Classic and AVG. This is not a good idea and is likely to cause conflicts etc, as well as seriously slowing your system down.

Download either the free Zonealarm, or the free Kerio firewall programmes. You can get them HERE and HERE.

Then, disconnect from the net.

I recommend you uninstall Symantec/Norton and AntiVir PersonalEdition Classic. Keep AVG.

Once you`ve uninstalled the above, install whichever firewall you chose and reconnect to the net.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
I uninstalled Norton but I can't find in the "Add-Remove" programs any reference to the AntiVir Personal Edition Classic program that you see. There is no list of it either in Programs so not sure about that.
Also if I were to use one of the two firewalls you suggested I should turn off the XP firewall correct? It says not to use more than one as it may cause conflicts.
At this point things seem to be running smoothly... thanks again. You have been most helpful and patient with a "learner" and hope next time you will be able to do the same... best regards!
 
Yes, you should turn off Windows firewall, it`s complete crap anyway lol.

The reason you can`t find the AntiVir Personal Edition Classic program is the file is missing, I hadn`t noticed that.

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler)
AntiVir PersonalEdition Classic Guard (AntiVirService)

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

sched.exe
avguard.exe

Close task manager.


Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)

Click on the fix checked button.

Close HJT.

Delete the following bold files.

C:\Program Files\AntiVir PersonalEdition Classic

Reboot your system.

Regards Howard :)
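
Added example, not part of the original thread: a small parser that pulls O23 service entries out of a HijackThis log and lists the ones marked "(file missing)", i.e. services still registered after their program was removed, like the two AntiVir entries quoted above. The line layout is an assumption inferred from those two lines, and the "Example Updater" entry is constructed for contrast.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: the two O23 lines quoted in the post above plus one
# made-up healthy entry (Example Updater) for contrast.
SAMPLE_LOG = r"""
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Example Updater (ExampleSvc) - Example Corp - C:\Program Files\Example\updater.exe
"""

class ServiceEntry(NamedTuple):
    display_name: str            # may be empty, as in the second quoted line
    service_name: Optional[str]  # short name in parentheses, if present
    owner: str
    path: str
    file_missing: bool

# Assumed layout: "O23 - Service: <display> (<short>) - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service:\s*(?P<name>.*?)\s*- (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing>\s*\(file missing\))?\s*$"
)
NAME_RE = re.compile(r"(?P<display>.*?)\s*\((?P<short>[^()]+)\)")

def parse_o23(log: str) -> List[ServiceEntry]:
    entries = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 line, or a layout this sketch does not cover
        name = m.group("name")
        n = NAME_RE.fullmatch(name)
        entries.append(ServiceEntry(
            display_name=n.group("display") if n else name,
            service_name=n.group("short") if n else None,
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return entries

def orphaned_services(log: str) -> List[ServiceEntry]:
    """Services still registered although their executable is gone."""
    return [e for e in parse_o23(log) if e.file_missing]

if __name__ == "__main__":
    for e in orphaned_services(SAMPLE_LOG):
        print(e.service_name or "(unnamed)", "->", e.path)
```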
