Virus bkdr sdbot.cc

I've got a virus called BKDR SDBOT.CC that I've tried to get rid of. When I scan it and try to delete it, I'm told that it is in use. Does anyone know how I can get rid of it manually? or any other program that will get rid of it? When I do a search for it, it doesn't show up.

I've gone to http://housecall.trendmicro.com

It is located at C:/WINDOWS/SYSTEM32/MS.EXE

-Low risk manipulation...
Open task manager
Check in the processes the file MS.EXE...
End the processess and then go to the directory where the file is found and delete it...

-High risk manipulation (save the registry before)
Open the registry and go to this key (start, run, regedit)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Remove the key that has MS.EXE in it

Restart the computer in Safe mode...
go to the directory where the file is found and delete it...

Last but not least, check this page

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sadmind.html

Awesome, thanks so much that worked perfectly.

no problem

Hmmmmm.... I have just found a similar virus called BKDR Coreflood which I can't remove with Trend Micro free scan. How do I remove this one? Any ideas? Also could this Virus be the reason why my Yahoo mail account seems to have been hijacked and I can't access it?
Thanks

Here are symantec's instructions. You'll need to run your virus scan in safe mode, similar to what Symantec suggests to running there's (shouldn't make much of a difference which virus scan you use as long as it detects it).

Also note the instructions to disable system restore (ME/XP)

And don't miss the registry key that needs deleted.


And to answer your question about Yahoo -- Yes, this trojan uses the IRC channel to access it's servers.

Cool, i just got the same virus. Thx for the help on that one.

Thanks for all the info, I'll give it a go. Really pissed about my Yahoo account though. Anyway of me or Yahoo recovering it that you know of?
soundbird xx