SERIOUS PROBLEM WITH MY PC

[Lakshmi Jagarlapudi]

Hi,
I am having a Gateway PC with comcast Internet connection available 24 X 7.
Of late for the last week, the PC is not working properly. A few problems
are
i) . If I open the task manager it the task manager window comes up but
suddenly disappears and a small orange
box appears in the system tray which also disappears in a second.
ii) If I start the regedit (by running the regedit on command line), it does
not even come up.
These are the only known problems, I donot know what exactly is the problem
with my PC.
I ran the Norton's antivirus and I came to know that my computer is infected
with w32.spybot.worm
and so I have followed the instructions given at the url given below.
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html
After all the scanning, restarting in safe mode, scanning again etc, I was
pointed at the following file as the infected file.
\WINNT\SYSTEM32\SDGOIJE.EXE
However I am not able to delete, rename or move the file as it is the system
file.
However my question is even if I were able to delete the file, it is correct
to delete the file, because the file \WINNT\SYSTEM32\SDGOIJE.EXE seems to be
a system file. Any responses please,
thanks,.
Can any body provide me help in how do I resolve this issue. Your help is
highly appreciated.
Thanks in advance,

 

[Ben Jorna]

Hi,
I am having a Gateway PC with comcast Internet connection available 24 X 7.
Of late for the last week, the PC is not working properly. A few problems
are
i) . If I open the task manager it the task manager window comes up but
suddenly disappears and a small orange
box appears in the system tray which also disappears in a second.
ii) If I start the regedit (by running the regedit on command line), it does
not even come up.
These are the only known problems, I donot know what exactly is the problem
with my PC.
I ran the Norton's antivirus and I came to know that my computer is infected
with w32.spybot.worm
and so I have followed the instructions given at the url given below.
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html
After all the scanning, restarting in safe mode, scanning again etc, I was
pointed at the following file as the infected file.
\WINNT\SYSTEM32\SDGOIJE.EXE
However I am not able to delete, rename or move the file as it is the system
file.
However my question is even if I were able to delete the file, it is correct
to delete the file, because the file \WINNT\SYSTEM32\SDGOIJE.EXE seems to be
a system file. Any responses please,
thanks,.
Can any body provide me help in how do I resolve this issue. Your help is
highly appreciated.
Thanks in advance,

If you boot with a MS-DOS bootdisk you can remove the file (after removing
all attributes). You can do that safely. SDGOIJE.EXE is NOT a system file.
It behaves like one, but it´s just the virus itself. And even if it were,
then you still should delete it (because it contains the virus) and you
should restore it afterwards, using the SFC (System File Check) command in
Windows.

Lots of succes,

Ben

 

[Doug Knox MS-MVP]

See www.dougknox.com, Win XP Utilities, Create Emergency Copies of Critical
XP System Utilities. This small VB Program will create backup, usable
copies of Task Manger, Regedit and MSConfig (named Taskmgr1.exe, Regedit.com
and MSConfig1.exe) in a new folder C:\EmergencyUtil. Many virus
executablesf will intercept these programs, based on their original file
name. The modified file names, allow them to be run. Open Windows Explorer
to C:\EmergencyUtil and double click the application you need. The next
revision will allow you to browse for the folder you want to place the
backups in.

Run the "renamed" Task Manager and go to the Processes tab. Locate the
process named SDGOIJE.EXE, highlight it and select End Process. Now you
should be able to delete the file.