Update your AV and AS programs, then restart the system in safe mode and run a full system scan. Delete all the files detected as infected with this virus.
Open the Windows Registry Editor.
Go to the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Skype
and delete the values
ImagePath = %Windows%\skype32.exe
DisplayName = Skype Messenger
ObjectName = LocalSystem
from the right hand side.
Go to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
and delete the values
AntiVirusDisableNotify = 1
AntiVirusOverride = 1
FirewallDisableNotify = 1
FirewallOverride = 1
UpdatesDisableNotify = 1
from the right hand side.
Go to the keys
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
and delete the value
EnableFirewall = 0
from the right hand side.
Go to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
and delete the value
DoNotAllowXPSP2 = 1
from the right hand side.
Go to the keys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
and delete the values
AutoShareServer = 0
AutoShareWks = 0
from the right hand side.
Modify the default value
Start = 4
to
Start = 2
under the keys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
Modify the default value
Start = 4
to
Start = 3
under the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
Modify the default value
WaitToKillServiceTimeout = 7000
to
WaitToKillServiceTimeout = 20000
under the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
Modify the default value
EnableDCOM = N
to
EnableDCOM = Y
under the key
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
Close the Windows Registry Editor.
Restart the system.
2006-09-26 08:27:12 · answer #1 · answered by Fix My PC Mike 5
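A read-only way to see which of the registry changes listed in the answer above are still present, as an added example that is not part of the original answer. The helper name `New-Check` and the table layout are assumptions made for illustration, and `%Windows%\skype32.exe` is matched as any path ending in `\skype32.exe`.

```powershell
# Added example: read-only audit of the registry values named in the answer.
# Nothing is changed; the script only reports what still needs attention.
function New-Check([string[]]$Key, [string[]]$Name, [string]$Bad, [string]$Fix) {
    # Hypothetical helper: emits one check per key/value combination.
    foreach ($k in $Key) {
        foreach ($n in $Name) {
            [pscustomobject]@{ Path = "HKLM:\$k"; Name = $n; Bad = $Bad; Fix = $Fix }
        }
    }
}

$svc = 'SYSTEM\CurrentControlSet\Services'
$pol = 'SOFTWARE\Policies\Microsoft'
$sc  = 'AntiVirusDisableNotify', 'AntiVirusOverride', 'FirewallDisableNotify',
       'FirewallOverride', 'UpdatesDisableNotify'

# Key(s), value name(s), data the answer treats as malicious, remediation it gives.
$checks = @(
    New-Check "$svc\Skype" ImagePath '*\skype32.exe' 'delete value'
    New-Check "$svc\Skype" DisplayName 'Skype Messenger' 'delete value'
    New-Check "$svc\Skype" ObjectName 'LocalSystem' 'delete value'
    New-Check 'SOFTWARE\Microsoft\Security Center' $sc 1 'delete value'
    New-Check "$pol\WindowsFirewall\DomainProfile", "$pol\WindowsFirewall\StandardProfile" EnableFirewall 0 'delete value'
    New-Check "$pol\Windows\WindowsUpdate" DoNotAllowXPSP2 1 'delete value'
    New-Check "$svc\lanmanserver\parameters", "$svc\lanmanworkstation\parameters" AutoShareServer, AutoShareWks 0 'delete value'
    New-Check "$svc\wscsvc", "$svc\Messenger", "$svc\RemoteRegistry" Start 4 'set to 2'
    New-Check "$svc\TlntSvr" Start 4 'set to 3'
    New-Check 'SYSTEM\CurrentControlSet\Control' WaitToKillServiceTimeout 7000 'set to 20000'
    New-Check 'SOFTWARE\Microsoft\OLE' EnableDCOM N 'set to Y'
)

$findings = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }            # key or value is absent
    $current = [string]$item.($c.Name)
    if ($current -like $c.Bad) {                 # still holds the listed data
        [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Data = $current; Remediation = $c.Fix }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed values are set.' }
```

Running it before and after the manual edits shows which steps still have to be done; it flags a value only when it holds exactly the data the answer lists.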
Hi, perhaps you can try Norton to remove the virus and protect your PC, but you need to pay for the software.
I recommend you use Firefox with Google Toolbar. Firefox can disable all viruses from running, because the virus can only run on IE.
Besides, Firefox can block any pop-ups and disable any virus, adware and spyware on webpages, so Firefox is much safer than IE. As you know, most viruses are spread through the internet and webpages.
Firefox is much smaller than IE, so it runs faster than IE.
Download Firefox for free:
http://www.bernanke.cn/firefox/
Best Wishes && Good Luck!
2006-09-27 05:24:47 · answer #2 · answered by Anonymous
Ewido is able to remove this Downloader Trojan. The important thing to do is set up your computer for removal. Scanning for detection in normal mode is OK, but removal should be done this way:
Trojan Removal Procedure.
Malware is a general word for all forms of Viruses, Spyware etc. This procedure works for all Malware. Replace the Ewido program with the appropriate program.
You might be unable to access the Internet after removing the Malware so you will need to run LSPfix or Winsockxpfix (as appropriate). Download one and save to desktop, run it later.
LSPfix: all Windows OS except 95.
http://www.cexx.org/lspfix.htm
Winsock XP Fix: Windows XP only.
http://www.spychecker.com/program/winsockxpfix.html
Download and Update Ewido:
http://www.ewido.net/en/download/
-- If you have problems updating see here:
http://www.ewido.net/en/download/updates/
Once the updates are installed do the following:
Let's get cleaning
Part 1
• Temporarily show hidden files.
For Windows XP:
1. Click Start, and then click Control Panel.
2. Click Appearance and Themes, and then click Folder Options.
3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear (uncheck) the "Hide protected operating system files" check box.
For older systems:
1. Double-click My Computer, click View, and then click Folder Options.
2. On the View tab, under "Hidden files and folders", click "Show hidden files and folders", and clear (uncheck) the "Hide protected operating system files" check box.
IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.
Empty your Internet Explorer cache and your other temporary file folders:
1. On the Internet Explorer Tools menu, click Internet Options.
2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. This will delete all the files that are currently stored in your cache.
3. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK.
4. Click OK again.
Restart in Safe Mode:
To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."
Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.
Start Scan and let Ewido scan the PC
When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode.
If you are unable to access the Internet after removing Malware you will need to run LSPfix or Winsockxpfix (as appropriate).
If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem, removing the need to run Winsockxpfix. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the dialogue box that appears. Click OK. Type "netsh winsock reset" (no quotes) into the DOS window that appears.
The last steps
If you are running Windows XP or Windows ME, and your computer has been successfully cleaned of Malware, there is one more thing that needs to be done.
Delete any old restore points and then create a new restore point. The old ones may, of course, be infected with the Malware and cannot be used.
First, start and then stop the Restore Service. This is done differently depending on what operating system you are running.
Windows XP:
1. Click Start, and then click Control Panel.
2. Click Performance and Maintenance, click System, and then click on the System Restore tab.
3. Select the Turn Off System Restore check box, click Apply, then restart your computer.
4. Return to the System Restore Tab and turn System Restore back on.
Windows ME:
1. Click Start, click Control Panel, click System.
2. Click Performance, click File System, and then click Troubleshooting.
3. Enable the option Disable System Restore, click Apply then restart your computer.
4. Return to the Troubleshooting tab and turn System Restore back on.
To set a manual restore point complete the following steps:
1. Click the Start button.
2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.
3. Choose Create a restore point, and then click Next.
4. In the Restore point description box, type a name for your restore point, and then click Next.
5. Click OK.
Since this is a Downloader you might discover other infections on your computer after its removal. Use the above procedure with other programs to remove these infections (if any).
2006-09-26 08:44:36 · answer #3 · answered by Anonymous