
problem with W32/sdbot.worm and rundll in windows xp



#1
jazz_air_312

Hello...for a couple of days I have been getting an alert from McAfee antivirus about the existence of a W32/Sdbot.worm virus in my computer...I have performed a virus scan, and this is the report I received...I tried to clean and delete the infected files, however McAfee informs me that they are write-protected and cannot be deleted...

Furthermore, I keep getting a rundll error, for which I will attach a screenshot, as I cannot reproduce the characters which appear in the error message...

If you could help me with this problem I would greatly appreciate it...

REPORT FROM MCAFEE VIRUS SCAN:

I need to specify that I use the Opera browser, but when I tried to read some info regarding the worm (information provided by the McAfee virus database) some Internet Explorer windows opened, and that's why they are probably named in the report...I received the virus alert one day prior to the Internet Explorer incident...

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\84785_winsrp[1].exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\84785_winsrp[2.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1K3MH6V\84785_winsrp[1].exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1K3MH6V\84785_winsrp[2.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBAN2JIT\84785_winsrp[1].exe

were infected with W32/Sdbot.worm and were deleted to complete the Clean process

C:\WINDOWS\system32\dllcache\winsntp.exe

was infected with W32/Sdbot.worm and was NOT FOUND

C:\WINDOWS\system32\nfqepoaj.dll

was infected with trojan: Vundo.dll and was deleted to complete the scan process

C:\winsntp.exe

was infected with W32/Sdbot.worm and was deleted to complete the Clean process

However, even if the antivirus tells me that it has deleted the file, the alert message that my computer is infected still appears...

P.S.: I read the "you must read this before posting a hijackthis log" at the top of the screen, and I would like to know if I really must perform all those steps, or if there is a faster way to clean my system of the virus...thanks a lot, again, for having patience with me :whistling:

Attached Thumbnails

  • rundll_error.JPG



#2
zbd

Have you followed the McAfee instructions:
1 disable system restore
2 update virus definition
3 reboot to safe mode
4 scan and delete virus
5 delete file manually


http://www.symantec..../...-99&tabid=3
http://driverzone.co...hread-1135.html

Run the Stinger virus remover:
http://www.majorgeek...wnload4063.html

Many people are not satisfied with McAfee. Try Avast, AVG or AntiVir (free programs)

http://www.majorgeek...Tool_d5420.html

Edited by zbd, 16 June 2007 - 09:47 AM.


#3
jazz_air_312

I tried in safe mode, yes, and the result is the same...I will download AVG antivirus and install it (after uninstalling McAfee of course :) )
Is the rundll error generated by the same virus, or is it something else that gives that error?
After I scan with AVG I'll give you a report on what it found and cleaned...thanks :whistling:

#4
jazz_air_312

I forgot to mention I also get a generic host process error:

"Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience. "

Is this also related to the w32/sdbot.worm virus?

#5
wannabe1

zbd: Malware advice is to be given ONLY by trained members of Malware Forum Staff.

jazz_air_312...

Please go to the Malware Forum and follow the instructions you'll find there.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- post a hijackthis log in THAT forum. Do Not reply to or "bump" your own topic...if it shows a reply, it may be overlooked as one that is being worked on.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

wannabe1

#6
jazz_air_312

I posted my problem on the forum you indicated...I cannot install anything at the moment because rundll32 blocks me...I will try to find some answers there, and hopefully I'll return to this topic with good news...thank you for your help!!

Edited by jazz_air_312, 16 June 2007 - 01:00 PM.
