Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Avast And Win32:sdbot [trj]

  • Please log in to reply
2 replies to this topic

#1 rach0718


  • Members
  • 9 posts
  • Local time:05:50 PM

Posted 02 December 2005 - 11:01 AM

i have windows xp pro sp2. a few days ago, i installed avast antivirus. and with avast, after you install it, it does a quick scan of your hard drive upon boot up. the scan starts before i log in to windows (so its just the blue screen and the scanning). it is said that the scanning only happens once.

avast managed to find 2 infected files. i deleted the other one. the second one was this:

c:/system volume information\_restore{05779BB2...SomeMoreNumbers....34.des is infected with Win32:sdbot_47 [trj]

i didnt delete that file because i was afraid that something bad was going to happen.

so after researching and asking people about it, i have been adviced to disable system restore and do a scan in safe mode.

i didnt disable the system restore because all my restore points would be deleted and there are people who adviced against this.

so i did a full scan on safe mode. some files could not be scanned. actually, around 288 of them. an example is...
local settings/temp/..... unable to scan:CAB archive is corrupted
what does this mean?
others are unable to scan:archive is password protected.

after the scan, there werent any infected files found! i am quite sure that the win32:sdbot is still there because i have not deleted it! why wasnt avast able to find this? i have done online scans too but it came up with nothing.

also, when i run spybot, these 2 files always come up after deleting them lots of times already!!
Windows Security Center. AntivirusDisableNotify
Windows Security Center. FirewallDisableNotify

should i reinstall avast to get the boot up type of scan?

i hope you can help me :thumbsup:

BC AdBot (Login to Remove)


#2 rach0718

  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:50 PM

Posted 05 December 2005 - 04:51 AM

should i just disable my system restore or what?

#3 acklan


    Bleepin' cat's meow

  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:03:50 AM

Posted 05 December 2005 - 07:49 AM

Hello rach0718 and welcome to BC. Do not do anything. Do not disable System Restore. I need you to go to " Preparation Guide For Use Before Posting A Hijackthis Log" and do everything is says. These guys and gals will get you thru this. Please be patient. You should also go here for more information.
You will be tempted to modify the HJT log. Do not do this. You can damage you windows to the point it will need to be reinstalled. The HJT Team are professionals that donate thier time to help people like us. They will help. Like I said just be patient,
"2007 & 2008 Windows Shell/User Award"

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users