Have Tiny Firewall running, Spyware Doctor and Norton Anti-virus.
Spyware Doctor is reporting it has found traces of Sdbot. It has detected it in the registry under the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTFSDISCMAN key. And under ControlSet002 and CurrentControlSet. Can't edit or remove these keys as they are protected although I have admin rights.
Norton Anti-virus detects Rbot and denied access to the file. Can't find it though as it is supposed to be listed as \winnt\system32\.exe. But no such file.
When I block all internet traffic Tiny's Activity Monitor reports it has blocked several outgoing ICMP signals to various IP's listed under 'System'. It leads me to conclude my PC is now part of a network, maybe to be used in DDoS attacks?
Please, help me remove these threats. I am at a loss. No use posting a HijackThis log BTW, is shows nothing related to these issues.
Edited by FredHVG, 12 August 2006 - 03:24 PM.