Bloodhound.Path - Spybot S&D - Help!

  igr 22:41 14 Oct 2004
Locked

After tonights update I ran Spybot and it found the above Trojan, linking it to an entry in the registry executing a file called winapp.exe.in WINNT/System32 When clicking on 'fix it' my computer crashed. Keeps on doing it.

Has anyone come across this Trojan (if it is one)
Is it a result of the updates?
Is it a false positive relating to Spywareblaster?
Is the said file a kosher one?
How do I get rid of it if Spybot S&D keeps causing a crash when trying to fix it?

  CurlyWhirly 23:15 14 Oct 2004

I had the same trojan (well 3 entries really) and the only way I was able to get to it was to use System Restore.
What happened was when visiting an external link (i.e. not the PCA forum) my PC crashed and I couldn't get online again and after running PestPatrol this couldn't delete them as I had an 'access is denied' error.
There was also reference to a Kernel32/system file as explained at click here


I also noticed that while trying to log on to my ISP the program kept freezing with the error 'The program is not responding'.

  Dan the Confused 23:26 14 Oct 2004

Run your AV (fully updated) then follow the registry fix described at click here

  igr 23:35 14 Oct 2004

Yes it is a similar problem - I have now tracked the Trojan (it appears to be Backdoor.Win32.sdbot.gen and it is resident in WINNT\System32\winapp.exe and payload.dat

System restore? I am a W2K O/S

  stalion 23:41 14 Oct 2004
  igr 23:51 14 Oct 2004

Yes MWAV finds them but then suggests I buy the program to clean the files. Wonder why non of the other programs find and clean these files?

  stalion 23:53 14 Oct 2004

the program is free you download it to your computer and it not only finds them it will automatically delete them.Are you running it from the site?

  igr 23:58 14 Oct 2004

Downloaded again and it has now renamed the infected files - guess I can delete these now?

  stalion 00:01 15 Oct 2004

NO just leave them they are safe now they are re-named because they are possibly needed by windows

  igr 00:43 15 Oct 2004

reloaded Spybot S&D and ran it again. No problems, the renaming of the Trojans by MWAV seems to have done the trick. Now all I need to get clear in my mind is what the Backdoor.w32.sdbot.gen trojan has been up to or what damage has been done?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review

How to draw a mandala

iPhone X review

Les meilleures enceintes Bluetooth à moins de 150 euros