Win32:SdBot-3267 Trj ???????

[Abarbarian]

I got this nasty an me Avast will deal with it ok by putting it in the Chest . It seems to be an important file in an .exe of a program I want to install . If I put the file in the chest the program will not install due to the file being missing .
Is this a real nasty or is my anti-virus just being too picky . I'd really like to run the prog but not if its going to mess with me pc and me life .
All I can find by googling is lots of - run our free scan and freak yourself out so youll buy our product sites but no real info .

 

[Adywebb]

Would help to know what the program is that has this file that you are trying to install

 

[muckshifter]

It is probably a false positive, but run an online scan anyway.


For your Information ...

Win32/Sdbot is a family of backdoor Trojans that allows attackers to control infected computers. After a computer is infected, the Trojan connects to an internet relay chat (IRC) server and joins a channel to receive commands from attackers. These commands can instruct the Trojan to spread to other computers and can allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Here are some of the names currently in use by antivirus software vendors;

CA: Win32/SDBot
F-secure: SdBot
McAfee: W32/Sdbot.worm
Symantec: Backdoor.Sdbot
Trend Micro: WORM_SDBOT


The program HERE can detect it.

 

[Abarbarian]

See me pics .
Avast finds the nasty .After I send it to the chest I try to run the prog and get this info .
I downloaded the Microsoft tool and fun it . It finds and partially rmoves the nasty . I follow the limited instructions and get the following info .

I don't understand where the Microsoft tool has put the infected file . Or why when I follow the instructions for more info I get the "can not find the file " message .

So is it a real nasty . Would I be wise to not try running the programe .



I already have the Microsoft tool showing in my All Programs list but it is the Feb 2007 version . How do I rplace the shortcut with the new Nov 2007 shortcut . I can make a new shortcut but can not see how to replace the old one .

 

[Adywebb]

Well the file is within Zoom Player, which is a legitimate program - so it may well be a false positive. However I see its from a torrent download, so it may have been tampered with.


Try downloading and running the same from MajorGeeks and see if it produces the same result - if so you will know for sure.

 

[Abarbarian]

Thanks for that Adyweb lokks like it is a real nasty so have deleted all traces .

 

[Adywebb]

Did you try what I suggested and find the other download was ok then?

 

[Abarbarian]

Sorry should have said . Tested the MG download and no nasty so I deduced that my download was infected with a nasty so deleted it .
I like the Zoom Player free version and wanted to try out the paid for version to see if it was ok before I purchased it . Sometimes software is not as good as the adverts say so I like to try before I part with me cash .

 

[Adywebb]

Unfortunately that can be a problem with torrent downloads - they can often be infected with nasties

 

[Abarbarian]

Thats only me third one in four years . Mind you I mainly download anamie from fan sub groups .