Operating system. Win2k with Service Pack 4
Computer brand name Dell
Model number Inspiron Optiplex G100
The last time the system/device was working normally. One week ago
Cannot post logs from Event Viewer as I cannot view them myself (maybe
because of the worm or something, I don't know. I open the Event Viewer
and see a number of errors for Disk, Bdsrv (don't remember this word
exactly), but when I try to do a right click and see the properties no
screen opens).
What I did
/////////////////////////////
I was using McAfee ver 7.0 Enterprise Edition, which I regularly updated
and scanned my machine using it. I am connecting to the Internet through
a LAN and the LAN is behind a firewall. I got the most recent Stinger
tool from McAfee's website but that could not find anything. I upgraded
to McAfee Beta version 8, which detects the worm and deletes its infected
files but still cannot remove it (i.e. it deletes an infected .exe file
but another .exe gets infected in some hour or so). I followed the thread at
http://groups-beta.google.com/group/microsoft.public.win2000.general/browse_frm/thread/368051af1bdb57b4/d93fc3a153116015?q=w32%2Fsdbot.worm.gen&rnum=28#d93fc3a153116015
Did everything they told. Ran the Trend Sysclean package as instructed
on the Trendmicro website but that could not find anything (its Sysclean
log says no viruses found, and after some time McAfee reports that it
deleted a file infected by the w32/sdbot.worm.gen).
Went to housecall.trendmicro.com and used their free scan but that also
could not find anything. Rebooted in safe mode, removed all suspicious
files which were in the startup list from the registry, removed infected exe
files masqueraded as legitimate Windows files by the worm from the
registry, cleaned my temp folder and Temporary Internet Files folder, cleared
my history and cookies, used the most recent version of CWSShredder, and ran
Ad-Aware, Spybot Search and Destroy, and HijackThis with updated definitions,
but that could not help me. My machine was fully patched, as I go to
Windows Update and regularly apply the critical updates, but now after
the infection I cannot go to the Windows Update site. I had default
admin shares on my C drive (so I think an infected machine on my network
may have infected mine), which I have now disabled. I cannot open
Add/Remove Programs in Control Panel to see if any unwanted programs
are there (when I try to open it I get a window with no entries of any
programs). I have ZoneAlarm free edition installed but even then I am
unable to remove the worm.
After the infection I unplugged my machine from the network and
connected only to go to the Windows Update site, which was not successful.
I went to these sites and ran their scans:
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html
but that could not help me. Now the worm has disabled even my going to
those sites. I cannot go to any such site and start the ActiveX
control to start a scan.
I ran the scans in normal and safe mode, connected and disconnected from
the network, but it was of no help.
The scans are set for all files, compressed files, and also to decode MIME
files. Msconfig does not work for me. Sysedit does not show anything
suspicious. But going to the registry I removed the suspicious program
entries in safe mode. Also, using the Advanced mode of Spybot Search and
Destroy I inspected the programs in startup but everything seems
normal. I still don't know where the worm may be hidden. I selected the
option of showing all files (even the operating system files) but still
cannot find the reason.
I have to try restoring the registry to a week or month
back and see if that helps me (I know it is very faint since the
problem is not caused by faulty registry entries but by a worm, so I doubt it
will work). If it does not, I think what I have been told in the 24hr
support helpdesk at
http://groups-beta.google.com/group...66fc8db40fd/c15b417c11c64c81#c15b417c11c64c81
is the only option.
////////////////////////////
My apologies for posting this in 24hr support helpdesk, dirverzone.com
and then here. I don't mean to make anybody upset, but I need help and the
options suggested in that group could not help me. I would appreciate
any ideas in helping me or pointing me to the right newsgroup.
Thanks for your help.