what is it anyway
http://www.google.com/search?hl=en&i...=Google+Search
It's WORM_SDBOT.SE
Quote:
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
To remove the malware autostart entries:
1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
Microsoft System Checkup = "ntsysmgr.exe"
4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
5. In the right panel, locate and delete the entry or entries:
Microsoft System Checkup = "ntsysmgr.exe"
6. Close Registry Editor.
Removal Instructions: http://uk.trendmicro-europe.com/ente...=WORM_SDBOT.SE
Good Evening,
Sorry to be one of the bearers of bad news, but… you most likely got worms
W32/Sdbot-OC copies itself to the Windows system folder as NTSYSMGR.EXE and as COOL.EXE and creates entries in the registry at the following locations with the value Microsoft System Checkup so as to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
See:
http://www.sophos.com/virusinfo/anal...32sdbotoc.html
The link also lists the cleanup procedures.
http://www.sophos.com/support/disinfection/worms.html
W32/Sdbot-OC is a network worm which contains IRC backdoor Trojan functionality, allowing unauthorised remote access to the infected computer.
· Turns off anti-virus applications
· Allows others to access the computer
· Uses its own emailing engine
· Downloads code from the internet
· Records keystrokes
Aliases
· Worm.Win32.Donk.d
· WORM_SDBOT.SE
edit: a minute late....lol
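The registry and file checks from the two posts above, as an added example (not from the thread, Trend Micro or Sophos): a PowerShell script that audits the Run and RunServices keys for the "Microsoft System Checkup" value and looks for the dropped NTSYSMGR.EXE / COOL.EXE in the system folder, and removes the registry value only when run with -Remove. It assumes an elevated prompt; the -Remove switch and the output format are this example's own.

```powershell
# Added example, not code from the thread: audit (and optionally clean) the
# WORM_SDBOT.SE autostart entries described above. Run from an elevated prompt.
param([switch]$Remove)   # assumption: switch name chosen for this example

$ValueName    = 'Microsoft System Checkup'          # value name from the posts above
$Keys         = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$DroppedFiles = @('ntsysmgr.exe', 'cool.exe')       # file names from the Sophos write-up

foreach ($key in $Keys) {
    # RunServices only exists on some Windows versions, so skip keys that are absent
    if (-not (Test-Path $key)) { Write-Output "absent $key"; continue }

    # Get-ItemProperty returns nothing (non-terminating error suppressed) if the value is missing
    $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "clean  $key"
        continue
    }

    Write-Output "FOUND  $key\$ValueName = $($item.$ValueName)"
    if ($Remove) {
        Remove-ItemProperty -Path $key -Name $ValueName
        Write-Output "REMOVED $key\$ValueName"
    }
}

# Report (do not delete) the dropped files: the running process must be stopped
# first, which is why the posts recommend doing the cleanup from safe mode.
$sysDir = [Environment]::GetFolderPath('System')
foreach ($name in $DroppedFiles) {
    $path = Join-Path $sysDir $name
    if (Test-Path $path) {
        $fi = Get-Item $path
        Write-Output "FOUND  $path ($($fi.Length) bytes, modified $($fi.LastWriteTime))"
    } else {
        Write-Output "clean  $path"
    }
}
```

Without -Remove the script only reports, so it can be run first to confirm the infection before anything is changed.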
Hey Hey,
Thanks for ruining my night guys.. now I have to spend it updating the script i posted in the other thread.... ;)
peace,
HT
A quick Google, whatis.com, and a search of the TechNet knowledge base lead me to one conclusion.
Since I also use XP (Pro), and the file you're asking about does not reside anywhere in my Windows folders, chances are that Google hit it right on the head. There is a good chance that file could be related to some type of malware or virus/trojan. Before you jump to any conclusions, update your virus defs, manually if need be, and do a quick scan of your system.
edit: if you have any problems with getting your virus scanner to work correctly you might have to do an online scan. For this I would recommend http://housecall.trendmicro.com
Their online scanner is free and decent as far as an online scanner goes.
re edit: darn i type too slow.
Hey Hey,
I've now added this to my batch file for killing and removing the guilty files...
You can grab it @ http://www.antionline.com/showthread...897#post790853
Peace,
HT
are there patches for this crazy ass worm
A patch for which software? XP Pro, your anti-virus (we'll need to know what you're using), firewall (again we'll need to know what you're using), monitoring software (yet again, we'll need to know what you're using (do you see a trend here? lol))?
Quote:
Originally posted by fiercekid84
are there patches for this crazy ass worm
Please provide more information to help us help you.
I am using Windows XP, no SP1 or SP2
GeForce MX 440
512MB RAM PC133
BenQ 822A DVD-RW
Pentium 3 866MHz
oh ya I am not using any anti-virus software or firewall
Please tell me he is kidding....... :confused:
Quote:
I have the same problem fiercekid84.... The websites I have come across to try and remove this worm require a download. Well, it seems to prevent me from downloading the software. I don't know what to do. All I know is I am getting really frustrated, really fast. I have a Gateway desktop PC, and I'm not savvy on all of these commands and abbreviations everyone is using.
OK; time to step back, and take a breather here ............
fiercekid84 AND territ
http://www.antionline.com/showthread...418#post790418
You BOTH have to learn a little as you go:
Quote:
swat-it = http://swatit.org/
Quote:
Swat It is a Completely FREE program that scans your computer for Trojans, Worms, Bots and other Hacker programs. Swat It can detect and remove over 4000 different Trojan programs plus variants
AdAware = http://www.lavasoftusa.com/software/adaware/
Quote:
Ad-Aware is designed to provide advanced protection from known Data-mining, aggressive advertising, Parasites, Scumware, selected traditional Trojans, Dialers, Malware, Browser hijackers, and tracking components. With the release of Ad-Aware SE Personal edition, Lavasoft takes the fight against Spyware to the next level.
SpyBot S+D = http://www.safer-networking.org/en/index.html
Quote:
Welcome...
... to www.spybot.info, the home of Spybot-S&D, the best (according to PC World, PC Mag, ...) privacy software available!
If you don't run anything, try these.
They should find and neutralize almost everything out there.
If you DO run protection, it might help if you post your routine:
What do you use ?
How often do you update / use them ?
How many 'baddies' have you removed recently ?
Also details of your OS and PC set up can help.
Get a firewall on PERMANENTLY.
Free ones include:
Quote:
zone alarm:
http://www.zonelabs.com/store/conte...reeDownload.jsp
sygate:
http://soho.sygate.com/default.htm
And here is one I found in PCmag:
http://www.antionline.com/showthread...hreadid=262022
Get Anti-Virus running, update it regularly.
keep the above FREE tools on the system, USE THEM. Update them weekly as well.
The above FREE items are easy to install and run.
If you are experiencing difficulties in downloading any of these tools, then use a friend's, and burn them to CD.
But you have to have SOMETHING running to help protect your system.
Leaving it to chance is no longer an option.
And 'Security through Obscurity' has passed its sell-by date.
Nowadays, there are laws going through that will make YOU responsible, if your system is compromised, and it is used to compromise others.
When you have these tools ready. DISCONNECT from the WWW :eek:
Turn OFF your computer :eek: :eek:
On re-booting, go into 'safe mode' [hit F8 as the PC goes into its routine] Safe mode will only allow certain parts of the software to work, drivers and peripherals are disabled.
Run the tools now, clean up after yourself, get the PC to re-boot as normal, come back to AO and repost your findings here.
Until you are seen to be doing SOMETHING, then you will be seen as worthy of helping.
Remember all that you are doing, and use it religiously, when someone else comes here with a similar problem, then YOU will be able to help, as we are trying to help you.
We await your next visit .....................
I second foxyloxley's post above. I certainly couldn't have put it better myself.
Read, digest, ask questions if you need to. Most of all, act on this advice. If you read the threads that foxyloxley has linked to, then you will be a good way down the right track.
If anything is confusing, then seek clarification in the AntiOnline forums, but take the time to do a little research on the software highlighted first. You just might learn something.
A search of AntiOnline regarding this software will give you plenty of educational reading. Investing some time in this activity will pay dividends and help you to help yourselves.
Here's a link to the advanced search facility on AntiOnline:
Advanced search
Happy learning.
If you need further help, just ask.
are there patches for this in the 1st place?????
Didn't you ask this earlier? I would suggest you get fully up to date with XP updates!
Quote:
by fiercekid84
are there patches for this in the 1st place?????
Can you post again to tell us what actions you have taken?
Have you installed a firewall and anti-virus software?
The advice given to you in this thread, if followed, will sort out your problem. Is there anything that you don't understand?
Your posts are still lacking even a little detail.
Help us to help you!
EDIT
There are two specific patches for ntsysmgr.exe. Here are links to them for the 32bit version of XP:
KB823980
IIS Remote Exploit from ntdll.dll Vulnerability
Note: The details for this patch contain:
//EDIT
Quote:
A more recent critical security update is now available. To find the latest security releases for you visit Windows Update and click "Scan for updates." And visit the Protect your PC site to learn how to have the latest security updates delivered directly to your computer.
so that is the only patch???? and will the same virus come back again and again??? cos I cannot afford to buy antivirus software
I think that what you REALLY mean is:
Quote:
cos I cannot afford to buy antivirus software
You can't afford NOT to buy Anti-Virus software...............
And there are a number of FREE AV suites out there.
Remember: Google is your friend ..........
http://www.google.com/search?hl=en&i...+suite&spell=1
No Service packs? No firewall? No Virus guard? what a hero!
As a prostitute once told me (I was NOT a client, thankupleeze): It's not a gift unless it's wrapped :)
1. Patch your machine: http://windowsupdate.microsoft.com/
2. Install a firewall: http://www.zonelabs.com/store/conten...ku_list_za.jsp or Google it
3. Install a virus guard: http://www.grisoft.com/us/us_index.php
4. (optional (?)):Install a spyware killer - Google this
If you cannot get these from another source you MAY be able to temporarily disable any worms/viruses/malicious code/smurfs and goblins by hitting ctrl-alt-del and pressing "End process" to any programme which looks like it shouldn't be there.
You NEED to do these things otherwise your computer is going to forever suffer and your net connection will become slower than Professor Slow, chair of slow studies at slow university.
Now - go wrap it up.
I too agree with the advice you have already been given.
Just to add a few more options....
get an old old PC with a little Ram, a small Hard drive, a hardware modem, and a nic...
visit Smoothwall {dot}org
Download, burn the ISO, and install this on the old PC. It's not a sure bet, but it's free and if you follow their instructions to a T, installation is pretty easy. Some of the features of the firewall are pretty good as well.
I know this is not a Windows-based firewall, and therefore probably does not help you a whole lot, but it is a reliable solution to the no-firewall situation. It offers DHCP and PROXY. I have not extensively tested the ability of this firewall; however, I have used it, and have installed it for a few customers, and things have gone rather well since.
You can also obtain AVG antivirus for free simply by clicking here and getting their free version
Then you can also visit the search gods and look for spybot search and destroy
Another wondrous solution would be Get Linux
but unless you know it, it does take some time to learn...
If you are a Dedicated fan of Mr. Bill Screaming 46 billion in reserves and counting You may not enjoy the switch to Linux. As my system information will reflect, I am on a windows box right now. But I have my *nix boxes both right here beside me as well.
For some other alternatives... check out the site that has publicly declared its love for microsoft
I know I really did not contribute anything here that was not already said, but I remember when I got my first computer.... Oh boy what a joy that was for anyone who had a clue....lol...
Today things are a bit different...