Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Irc.backdoor.sdbot.syi


  • Please log in to reply
3 replies to this topic

#1 Ledah

Ledah

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 17 June 2006 - 11:54 PM

Well, yeah, My AVG is acting up with a IRC.Backdoor.SdBot.SYI and everytime i try Repair or Quarantine, it tells me i need to restart computer, and after restarting, it still appears.
Everytime i load my comp, it's goes at the nice expected speed, but when AVG popup the problem, if i try to Ignore, or Repair without Rebooting, the computer start to get effing slow, and the Task Manager detect svchost.exe to take around 70-80% of the computer power... At first, since i saw IRC, i stopped using my mIRC, downloaded a new one, installed it in a new folder, and didnt even transfer the scripts (i just rewrote them back), i still found that problem. I thought it might target any mirc.exe wherever it is, so i completly stopped using it. Even if IRC is pretty much all my life now. Yet, i STILL get the problem ;_;

Just in case, i have a HJT log... And if it's not removable with that, please give me steps to remove it or something because when svchost start acting up, it takes me hours just to load My Computer. i wont even talk about how deformed my WinAmp sound becomes...

Edited by Ledah, 18 June 2006 - 12:11 AM.


BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 18 June 2006 - 02:17 AM

Hello Ledah,
If you want to- you can try to manually remove this trojan, using the instructions found here:
Backdoor.Sdbot Removal. But, please only do this if you have a good previous knowledge of computers, as it involves editing the registry.

Since you have a HijackThis Log from this infected computer, I would recommend that you simply post this in out HijackThis Logs And Analysis Forum which can be found here. An expert will then guide you through how to remove it in simple steps.
However, make sure you have followed our Preparation Guide for use before posting a HijackThis Log, as this may remove your problem. This guide can be found here.
As you may have noticed, the forums are very busy at the moment, so please be patient when waiting for a response.
Also, during the waiting time, try not to make any changes to your computer without an expert's approval; you may ruin the fix they are creating for you.

Good luck with the removal of this nasty trojan.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 Ledah

Ledah
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 18 June 2006 - 12:25 PM

Thanks for the manual removal... Yeah, i've been in computer for almost 10 years before, and it will not be my first editing of the registery i'll make... but there is only the "Unregister the following DLLs" that bugs me as i dont remember doing it before, even if it involve the use of DOS to do it i'll be fine

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 18 June 2006 - 12:43 PM

Good luck with your removal of this worm.
Please post back with any additional comments, probelms or updates.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users