what is it anyway
what is it anyway
http://www.google.com/search?hl=en&i...=Google+Search
It's WORM_SDBOT.SE
Quote:
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
To remove the malware autostart entries:
1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
Microsoft System Checkup = "ntsysmgr.exe"
4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
5. In the right panel, locate and delete the entry or entries:
Microsoft System Checkup = "ntsysmgr.exe"
6. Close Registry Editor.
Removal Instructions: http://uk.trendmicro-europe.com/ente...=WORM_SDBOT.SE
Good Evening,
Sorry to be one of the bearers of bad news, but… you most likely got worms.
W32/Sdbot-OC copies itself to the Windows system folder as NTSYSMGR.EXE and as COOL.EXE and creates entries in the registry at the following locations with the value Microsoft System Checkup so as to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
See:
http://www.sophos.com/virusinfo/anal...32sdbotoc.html
The link also lists the cleanup procedures.
http://www.sophos.com/support/disinfection/worms.html
W32/Sdbot-OC is a network worm which contains IRC backdoor Trojan functionality, allowing unauthorised remote access to the infected computer.
· Turns off anti-virus applications
· Allows others to access the computer
· Uses its own emailing engine
· Downloads code from the internet
· Records keystrokes
Aliases
· Worm.Win32.Donk.d
· WORM_SDBOT.SE
edit: a minute late....lol
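The two autostart keys, the value name and the file names given in the posts above can also be checked from a PowerShell prompt. This is an added example, not part of the original thread or of the vendors' instructions; it assumes a Windows system with PowerShell available and an elevated prompt, and the `-Remove` switch and variable names are illustrative.

```powershell
# Added example: audit the autostart values and file copies named in this thread.
# Key paths, value name and file names are taken from the posts above;
# the -Remove switch and all variable names are illustrative.
param([switch]$Remove)

$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$valueName = 'Microsoft System Checkup'
$fileNames = @('ntsysmgr.exe', 'cool.exe')

# Flag a value if its name matches OR its data mentions one of the file names,
# so a renamed value that still launches the same file is not missed.
$findings = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # RunServices is often absent
    $k = Get-Item -LiteralPath $key
    foreach ($name in $k.GetValueNames()) {
        $data = [string]$k.GetValue($name)
        $dataHit = @($fileNames | Where-Object { $data -like "*$_*" }).Count -gt 0
        if (($name -eq $valueName) -or $dataHit) {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
        }
    }
}

# Report copies in the Windows system folder; files are listed, not deleted.
$sysDir = [Environment]::SystemDirectory
$files = foreach ($f in $fileNames) {
    $p = Join-Path $sysDir $f
    if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p -Force }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No matching autostart values.' }
if ($files)    { $files | Select-Object FullName, Length, LastWriteTime }
else           { "No matching files in $sysDir." }

# Deleting the values mirrors steps 3 and 5 of the quoted procedure.
if ($Remove) {
    foreach ($hit in @($findings)) {
        Remove-ItemProperty -LiteralPath $hit.Key -Name $hit.Name
        "Removed '$($hit.Name)' from $($hit.Key)"
    }
}
```

Run it without arguments first to review what it flags; a match on file name alone deserves a manual look before rerunning with `-Remove`.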
Hey Hey,
Thanks for ruining my night guys.. now I have to spend it updating the script I posted in the other thread.... ;)
peace,
HT
A quick Google, whatis.com, and a search of the TechNet knowledge base lead me to one conclusion.
Since I also use XP (Pro) and the file you're asking about does not reside anywhere in my Windows folders, chances are that Google hit it right on the head. There is a good chance that file could be related to some type of malware or virus/trojan. Before you jump to any conclusions, update your virus defs, manually if need be, and do a quick scan of your system.
edit: If you have any problems with getting your virus scanner to work correctly, you might have to do an online scan. For this I would recommend http://housecall.trendmicro.com
Their online scanner is free and decent as far as an online scanner goes.
re edit: darn, I type too slow.
Hey Hey,
I've now added this to my batch file for killing and removing the guilty files...
You can grab it @ http://www.antionline.com/showthread...897#post790853
Peace,
HT
Is there a patch for this crazy ass worm?
A patch for which software? XP Pro, your anti-virus (we'll need to know what you're using), firewall (again we'll need to know what you're using), monitoring software (yet again, we'll need to know what you're using (do you see a trend here? lol))?
Quote:
Originally posted by fiercekid84
Is there a patch for this crazy ass worm?
Please provide more information to help us help you.
I am using Windows XP, no SP1 or SP2
gforcemx 440
512mb ram pc133
benq 822a dvd rw
pentium 3 866mhz
Oh ya, I am not using any anti-virus software or firewall