Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Sathurbot.E Trojan Infection

  • Please log in to reply
2 replies to this topic

#1 char1


  • Members
  • 3 posts
  • Local time:09:47 PM

Posted 23 December 2016 - 03:00 PM

I am running Windows 10 Home. I opened what I believe is to be an infected video codec file called "Ultra XVid Codec Pack." I received an error during the installation.


Then I started receiving pop-ups from ESET NOD 32:


Threat found

Object: always a website ending in .php

Threat: Win32/Botnet.Other trojan

Information: connection terminated


These pop-ups would happen every second with each one a different website ending in .php would show up


I installed Malwarebytes and did a scan. The software identified a few system files that were infected with Sathurbot.E.


I quarantined those files with Malwarebytes and now I don't receive any pop-ups from ESET. However, ESET did not quarantine them, just identified a general threat (as in the example above)


Knowing that Sathurbot.E changes the name of system files and can cause problems in the long run, I have these questions:

- I am wondering if I need to "reset" my PC (through the Windows settings that re-installs Windows all over again). Or whether the quarantine is enough? If the files are quarantined, does that mean they are unuseable and can cause issues down the road?

- Have I done all that needs to be done or is there more that I need to do?

- The Malwarebytes software I installed is a trial version so after that ends, I am wondering what would happen to the quarantine files


Thank you!





BC AdBot (Login to Remove)


#2 char1

  • Topic Starter

  • Members
  • 3 posts
  • Local time:09:47 PM

Posted 23 December 2016 - 03:11 PM

One more Q - how do I figure out when Sathurbot.E was installed to make sure that it was the one that coincided with the earlier error (an not an older infection that was just identified when I installed Malwarebytes)? Thanks!

#3 Struppigel


    Karsten Hahn, G DATA Malware Analyst

  • Malware Response Team
  • 231 posts
  • Gender:Male
  • Local time:03:47 AM

Posted 01 January 2017 - 05:39 AM

goGMWSt.gifBackdoor Warning


One or more of the identified malware is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal system, financial & personal information.
If your computer has been used for online banking, has credit card information or other sensitive data, using a non-compromised computer/device you should immediately change all account information (including those used for Email, eBay, Paypal, online forums, etc).
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Whilst the identified malware can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your hard drive and reinstall your Operating System. This is due to the nature of the malware, which allows a remote attacker to make any kind of modification. Many experts in the security community believe that once compromised with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.You now have the choice between cleaning the malware present or reformatting your computer. Ultimately, the decision is yours, and what you're most comfortable with. Once you've read the articles linked above, let me know if you have any questions.
If you want us to clean your system, please follow the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users