johngross
I was cleaning up my WinXP laptop, preparing to upgrade to SP2.
Symantec AntiVirus identified something as 'Backdoor.Sdbot' in a file
named 'dveldr.exe' in \windows\system32. The file was deleted, an
Internet Browser Temporary File Cache was deleted, and two registry
keys were actioned, as follows (I have just copied these from the SAV
history log):
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon : Shell
[Action: Set]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RunServices :
Microsoft Time Manager [Action: Delete]
I thought nothing of this at the time; however, after upgrading to SP2,
I was checking in the registry for something and I noticed the same
file name in a key. I searched the registry for this name and found the
following keys mentioning the name:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Microsoft Time Manager"="dveldr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Time Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dveldr"
"hkey"="HKLM"
"command"="dveldr.exe"
"inimapping"="0"
[HKEY_USERS\.DEFAULT\Software\Microsoft\OLE]
"Microsoft Time Manager"="dveldr.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\OLE]
"Microsoft Time Manager"="dveldr.exe"
[HKEY_USERS\S-1-5-21-436374069-706699826-854245398-500\Software\Microsoft\OLE]
"Microsoft Time Manager"="dveldr.exe"
I am concerned by the fact that this file seems to be associated
with some Microsoft product "Microsoft Time Manager", and that it may
be important in some way.
Although the above registry keys exist now (I have no idea whether any
of them existed pre-SP2), the .exe file does not exist post-SP2.
Can anyone tell me how important it is, and whether I should re-install
it (presumably from my original XP install CD?)
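
Added example, not part of the original post: a small Python parser for a registry export of the kind pasted above, listing every string value whose data still references a given file name. The function names, the "msconfig-disabled" label and the rule for rejoining a wrapped key header with a single space are assumptions of this example; the sample text is constructed from the export in the post.

```python
import re

# Constructed sample modelled on the export in the post; one key header is
# deliberately wrapped across two lines, as happens when text is pasted.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Microsoft Time Manager"="dveldr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared
Tools\MSConfig\startupreg\Microsoft Time Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dveldr"
"command"="dveldr.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\OLE]
"Microsoft Time Manager"="dveldr.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key_path, value_name, string_data) for each string value."""
    key, pending = None, None
    for line in text.splitlines():
        line = line.strip()
        if pending is not None:        # rest of a wrapped [key] header
            line, pending = pending + " " + line, None  # assumes wrap at a space
        if line.startswith("["):
            if line.endswith("]"):
                key = line[1:-1]
            else:
                pending = line         # header was split; wait for the rest
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_references(text, filename):
    """Return (key, name, data, kind) for values whose data mentions filename."""
    needle = filename.lower()
    hits = []
    for key, name, data in parse_reg(text):
        if needle in data.lower():
            # MSConfig records startup items it has disabled under startupreg
            kind = "msconfig-disabled" if "\\msconfig\\startupreg\\" in key.lower() else "value"
            hits.append((key, name, data, kind))
    return hits
```
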