Virus bkdr sdbot.cc

  • taintedmemories
  • Newbie
  • Posts: 7
  • Loc: La Mesa, CA

Post 3+ Months Ago

I've got a virus called BKDR SDBOT.CC that I've tried to get rid of. When I scan it and try to delete it, I'm told that it is in use. Does anyone know how I can get rid of it manually, or any other program that will get rid of it? When I do a search for it, it doesn't show up.

I've gone to http://housecall.trendmicro.com

It is located at C:/WINDOWS/SYSTEM32/MS.EXE
  • Ragnar78
  • Proficient
  • Posts: 279

Post 3+ Months Ago

-Low risk manipulation...
Open task manager
Check in the processes the file MS.EXE...
End the process and then go to the directory where the file is found and delete it...

-High risk manipulation (save the registry before)
Open the registry and go to this key (start, run, regedit)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Remove the key that has MS.EXE in it

Restart the computer in Safe mode...
go to the directory where the file is found and delete it...

Last but not least, check this page

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sadmind.html
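
The checks from the reply above can be run read-only before anything is ended or deleted. The script below is an added example, not part of the original posts: it lists autostart values that reference the file and any running process with that name, with its hash and signature status. The file name comes from the thread; the RunOnce and HKCU keys, the backup file name, and the variable names are assumptions.

```powershell
# Added example (not from the thread): read-only triage before manual removal.
# Nothing here deletes or modifies anything.
$SuspectName = 'ms.exe'   # file name reported in the first post

# Back up the Run key first, as the reply advises before editing the registry.
# The output file name is an assumption.
reg export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' "$env:TEMP\run-backup.reg" /y | Out-Null

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',      # key named in the reply
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',  # assumption: related autostart keys
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Match the file name as a whole path component, so "xms.exe" is not flagged.
$pattern = '(^|[\\/"\s])' + [regex]::Escape($SuspectName) + '($|["\s])'

$autostart = foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        $command = [string]$key.GetValue($valueName)
        if ($command -match $pattern) {   # -match is case-insensitive
            [pscustomobject]@{ Key = $keyPath; Value = $valueName; Command = $command }
        }
    }
}

# Running processes whose image file has the suspect name. Path is empty for
# processes the current user cannot inspect, so those are skipped.
$running = Get-Process |
    Where-Object { $_.Path -and ((Split-Path $_.Path -Leaf) -eq $SuspectName) } |
    ForEach-Object {
        [pscustomobject]@{
            ProcessId = $_.Id
            Path      = $_.Path
            SHA256    = (Get-FileHash -Path $_.Path -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -FilePath $_.Path).Status
        }
    }

'Autostart entries:'; $autostart | Format-List
'Running processes:'; $running   | Format-List
```

Recording the path, hash and autostart value before removal also gives something to compare against if the file reappears after a reboot.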
  • taintedmemories
  • Newbie
  • Posts: 7
  • Loc: La Mesa, CA

Post 3+ Months Ago

Awesome, thanks so much that worked perfectly.
  • Ragnar78
  • Proficient
  • Posts: 279

Post 3+ Months Ago

no problem :)
  • soundbird
  • Born
  • Posts: 2

Post 3+ Months Ago

Hmmmmm.... I have just found a similar virus called BKDR Coreflood which I can't remove with Trend Micro free scan. How do I remove this one? Any ideas? Also could this virus be the reason why my Yahoo mail account seems to have been hijacked and I can't access it? :cry:
Thanks
  • ATNO/TW
  • Super Moderator
  • Posts: 23460
  • Loc: Woodbridge VA

Post 3+ Months Ago

Here are Symantec's instructions. You'll need to run your virus scan in safe mode, similar to what Symantec suggests for running theirs (shouldn't make much of a difference which virus scan you use as long as it detects it).

Also note the instructions to disable system restore (ME/XP)

And don't miss the registry key that needs to be deleted.

And to answer your question about Yahoo -- Yes, this trojan uses the IRC channel to access its servers.
  • Smokenjoe
  • Mastermind
  • Posts: 1573
  • Loc: Anchorage, AK

Post 3+ Months Ago

Cool, I just got the same virus. Thx for the help on that one. :)
  • soundbird
  • Born
  • Posts: 2

Post 3+ Months Ago

Thanks for all the info, I'll give it a go. Really pissed :evil: about my Yahoo account though. Any way of me or Yahoo recovering it that you know of?
soundbird xx

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.