
Certain Win32 Files Infected With Trojan



#1 joanne_z

joanne_z

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Philippines
  • Local time:05:16 PM

Posted 15 July 2007 - 10:05 PM

Hi everyone,

I just ran a system scan using Kaspersky and it has detected some Trojans on the PC...on some files the only option would be to delete it. I would just like to get some advice whether to delete them or not coz my Windows XP may become unstable. btw, I think I'm using the XP SP1.

deleted, backed up:

C:\windows\system32\dllcache\ivchost.exe (detected Trojan Program Backdoor.Win32.SdBot.aad)

These files were put into (and are still in) Quarantine:

C:\WINDOWS\system32\ne1.exe
C:\WINDOWS\system\msnntlp.exe
C:\WINDOWS\system32\ge1.exe

detected under System Backup, no action done yet:

C:\System Volume Information\restore{E03DF8FC-71B9-45AC-B5A5-EBFA2F96CA1B}RP19\A0008282.EXE (detected: Trojan program Backdoor.Win32.SdBot.aad)

C:\System Volume Information\restore{E03DF8FC-71B9-45AC-B5A5-EBFA2F96CA1B}RP19\A0009500.EXE (Trojan program Backdoor.Win32.SdBot.aad)

C:\System Volume Information\restore{E03DF8FC-71B9-45AC-B5A5-EBFA2F96CA1B}RP19\A0008295.EXE (Trojan program Backdoor.Win32.SdBot.xd)


Are these files essential in running Windows? If not, might as well delete them to get rid of the virus since they cannot be 'disinfected'.

Would appreciate any response. Thanks very much!!! :thumbsup:
Life is simple. You make choices, and you never look back. ~Han, Tokyo Drift~



#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:02:16 AM

Posted 15 July 2007 - 10:42 PM

As far as what service pack you are using, just click {Start}, right-click {My Computer}, click [Properties].

All the information will be under the General tab.

For the viruses, TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage



