Virus won't go!

  The Earl Of Sabden 16:06 09 Aug 2004
Hi there, AVG fails to delete the following Trojan Horse: IRC/BACKDOOR.sdBot.34.AF. I have tried running AVG in safe mode, but AVG says it needs the Core Driver..... Is there any other way I can delete this virus? Thanks, EOS.

  john-232317 16:23 09 Aug 2004

If it has put it in the quarantine vault, get the butler to highlight and delete it from there ;-)

  Fruit Bat /\0/\ 17:28 09 Aug 2004

Terminating the Malware Program

This procedure terminates the running malware process. This step is also important to be able to remove the system modifications the malware performed on the system.

Since this worm is memory-resident and it terminates Task Manager when it is executed, we first have to rename the file TASKMGR.EXE to TASKMGR.COM.

To rename TASKMGR.EXE to TASKMGR.COM:

For Win9x/NT:
Click Start>Find>Files or Folders.., type TASKMGR.EXE.
For WinME/2000/XP:
Click Start>Search>For Files or Folders.., type TASKMGR.EXE.
When TASKMGR.EXE is found, right-click TASKMGR.EXE, then select Rename.
Rename TASKMGR.EXE to TASKMGR.COM.

To terminate the malware process:

Open Windows Task Manager.
On Windows 95, 98, and ME, press
CTRL+ALT+DELETE
On Windows NT, 2000, and XP, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the process:
WINGAMED.EXE
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.

*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third-party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Since the malware is memory-resident and it terminates Task Manager when it is executed, we have to rename the file REGEDIT.EXE to REGEDIT.COM.

To rename REGEDIT.EXE to REGEDIT.COM:

For Win9x/NT:
Click Start>Find>Files or Folders.., type REGEDIT.EXE.
For WinME/2000/XP:
Click Start>Search>For Files or Folders.., type REGEDIT.EXE.
When REGEDIT.EXE is found, right-click REGEDIT.EXE, then select Rename.
Rename REGEDIT.EXE to REGEDIT.COM.

To remove the malware autostart entries:

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Patches Value = "WinGamed.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Patches Value = "WinGamed.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Patches Value = "WinGamed.exe"
Close Registry Editor.

NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.

Restoring Registry and Task Manager

Since REGEDIT.EXE and TASKMGR.EXE were both renamed to .COM extensions, they must be renamed again back to their .EXE extensions.

To do this, follow the same renaming procedures as above. Only this time, rename TASKMGR.COM to TASKMGR.EXE and REGEDIT.COM to REGEDIT.EXE.
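
The autostart clean-up steps in the post above, collected into a script. This is an added example, not part of the original thread or of any vendor's removal tool: it inspects the Run/RunServices keys named in the post for a value whose data names WinGamed.exe, stops the resident process, and removes the entries. It assumes a modern Windows host and an elevated PowerShell session, so the Win9x/XP trick of renaming TASKMGR.EXE and REGEDIT.EXE is not reproduced. The Wow6432Node key, the process name "WinGamed", and matching on the value data instead of only on the "Patches" value name are assumptions beyond what the post states.

```powershell
# Added example (not from the original thread). Assumes elevated PowerShell on a
# modern Windows host. Value name "Patches" and data "WinGamed.exe" come from the
# post; the Wow6432Node key and the process name are assumptions.
$Payload  = 'WinGamed.exe'
$ProcName = 'WinGamed'

$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',    # Win9x/ME only; skipped if absent
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'  # assumption: 32-bit view on 64-bit hosts
)

# Metadata properties that Get-ItemProperty attaches to every result; not registry values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-SuspectAutostart {
    # Report every autostart value whose data references the payload file.
    # Matching on the data rather than the "Patches" name catches a variant that
    # picked a different value name but still launches the same executable.
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            if ($p.Value -is [string] -and $p.Value -match [regex]::Escape($Payload)) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Data = $p.Value }
            }
        }
    }
}

function Remove-SuspectAutostart {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # Stop the resident process first, as the post does: a running bot can
    # re-create its Run entry after you delete it.
    Get-Process -Name $ProcName -ErrorAction SilentlyContinue | ForEach-Object {
        Write-Host "Stopping PID $($_.Id): $($_.Path)"
        Stop-Process -Id $_.Id -Force
    }
    foreach ($hit in Get-SuspectAutostart) {
        if ($PSCmdlet.ShouldProcess("$($hit.Key) -> $($hit.Name)", 'Remove autostart value')) {
            Remove-ItemProperty -LiteralPath $hit.Key -Name $hit.Name
        }
    }
}

# Audit first, then dry-run the removal; drop -WhatIf once the listing looks right.
Get-SuspectAutostart | Format-Table -AutoSize
Remove-SuspectAutostart -WhatIf
```

Run the audit on its own before removing anything, and re-run it after a reboot: if an entry reappears, something else still running is re-seeding it and the process step has not actually caught it.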

  absent 17:29 09 Aug 2004

It may be one that hides on a system restore point, in which case turn off system restore, check with AVG to see if it has gone, then turn on system restore again.

  Fruit Bat /\0/\ 17:35 09 Aug 2004

If hiding in restore, switch off restore, reboot, run Stinger (click here),
check with AVG that it's gone. Switch restore back on and create a new restore point.

  The Earl Of Sabden 17:47 09 Aug 2004

Thanks guys........ System Restore (turned off) and Stinger's help have solved the problem. The Earl thanks you all.
