BackDoor.SDBot.Gen

[Kevin Altizer]

A friend of mine has an XP machine that was infected by sasser, he said. I
downloaded the fix to a floppy and ran it in his machine. The first time it
found two files and repaired them. He has dial-up and when he got on the
next day, he started getting bumped off again. He downloaded symantec
anti-virus software and began to scan. This scan produced about 13 infected
files and could not repair so it quarantined. I sent him an email asking
how his machine was running and he said he still has some problems like
pages with holes in them, kind of bazaar behavior, if you will. The day I
looked at it I found BackDoor.SDBot.Gen running in the background. Is there
a way to clean this machine without doing a restore? Thanks in advance.

 

[sh4d03]

Step 1: Go and "BUY" a decent Anti-Virus program (that does NOT include
Norton, whether downloaded or paid for). I would recommend anything by
Computer Associates such as VET.
Step 2: Run the usual Spyware removal tools spoken of often in these
newsgroups:
AdAware
SpyBot
SpySweeper
SpyBlaster
Basically I'd be installing ALL of these. The top three are removal
tools while the last one is a shield.
Step 3: Install your web browser over the top of itself - presumably
Internet Explorer 6. Re-install it over the top and make sure you have
SP1 for both Windows XP and Internet Explorer.
Goodluck
sh4d03

 

[Jason Wade]

A friend of mine has an XP machine that was infected by sasser, he said.
I downloaded the fix to a floppy and ran it in his machine. The first
time it found two files and repaired them. He has dial-up and when he
got on the next day, he started getting bumped off again. He downloaded
symantec anti-virus software and began to scan. This scan produced
about 13 infected files and could not repair so it quarantined. I sent
him an email asking how his machine was running and he said he still has
some problems like pages with holes in them, kind of bazaar behavior, if
you will. The day I looked at it I found BackDoor.SDBot.Gen running in
the background. Is there a way to clean this machine without doing a
restore? Thanks in advance.

Try these utilities:

Spybot Search and Destroy:
http://www.safer-networking.org/

Mcafee Stinger:
http://vil.nai.com/vil/stinger/

AdAware 6
http://www.lavasoftusa.com/software/adaware/

Tell your friend to stay connected to the 'net only long enough to
download the removal software. Then he/she should physically unplug the
internet cable.

Your friend might have to run the utilities in safe mode to delete the
malware.

Make sure your friend knows about the dangers of using windows
on the internet.

Windows XP: Surviving the First Day:
http://www.sans.org/rr/papers/index.php?id=1298

CERT/CC: Tech Tip: Before Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

good luck and safe computing