Sys32 virus

  EazyRobbo 23:57 02 Aug 2003


I have recently been downloading wrestling video files from Kazaa, I needed a codec to play them so downloaded one called Nimo codec pack. It turned out to be a virus that Norton could not fix, I quarantined it and deleted it from the quarantine folder but since I have done a virus scan and the same virus is in my sys32.exe file, Norton can't fix it and I can't delete the file....
Thanx for your help


  Forum Editor 00:06 03 Aug 2003

(as if we needed one) of the perils of downloading material from a total stranger's computer via Kazaa.

The Nimo codec pack itself is not a virus as you thought - it's a collection of codecs produced by many different people. Nimo themselves warn you that they can't be responsible for any bugs in the individual codecs. If you have a virus infection it was obviously included in the download, so please post back with details of the actual virus message you're getting from Norton, and I'm sure we'll be able to help.

Next time I suggest that you go out and pay for the videos - it may work out cheaper in the long run.

  JIM 00:25 03 Aug 2003

If you have KAZaA, you may have the Benjamin virus. To see if you have it, go to C:\Windows\Temp. Look for the folder "Sys32". If it is not there, do a search on your computer for "SYS32". If you have this folder, you may have the virus.

There are a few things that you will need to do. 1st you will need a recent (Updated) version of Norton Anti-Virus.

2nd you will need to manually edit the registry. I recommend that you backup the registry in case you accidentally delete something that you shouldn't have.
Click on the following link (Or copy and paste into your browser). There are detailed instructions to help you backup your registry.

click here

If you have KAZaA, you may have the Benjamin virus. To see if you have it, go to C:\Windows\Temp. Look for the folder "Sys32". If it is not there, do a search on your computer for "SYS32". If you have this folder, you have the virus.

1. Reboot the computer in SAFE-MODE. (This will prevent the program that is running the virus from starting up.)

2. Once the computer boots in safe mode, click START → RUN and type SYS32.

3. When you see the File SYS32, Delete the entire folder.

4. Empty your recycle bin.

5. Click START → RUN and type REGEDIT

6. When the Registry editor pops up, click Edit → Find and type SYS32.

7. Whenever you see anything that contains SYS32, (Do Not mistake this for SYSTEM32!!) Click DEL on your keyboard.

8. Hit the F3 key on your keyboard to continue searching and delete all entries that contain SYS32. This may take a long while depending on how many programs are installed on your computer.


10. Once you are done you will need to repeat steps 6 thru 9 finding the entry C:\SYSTEM\EXPLORER.SCR

11. Delete every entry that contains the exact string C:\SYSTEM\EXPLORER.SCR

12. Once you are done searching the registry, you will need to perform a full system scan using an updated Anti-Virus Program.

MAKE ABSOLUTELY SURE THAT YOU PERFORM ALL OF THE ABOVE STEPS IN "SAFE-MODE". If you reboot the computer and you have missed a file, the virus will regenerate itself and you will have to restart the procedures from scratch.

I know this sounds like a lot but it took me 2 days to fully contain this virus. This is because I made the mistake of rebooting the computer in normal before performing a full system scan using Norton. The Virus will "WAKE UP" if you don't complete all the steps in safe mode.

13. Reboot the computer in Normal and get rid of KAZAA.
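
A read-only way to review what the registry steps in the post above would match before anything is deleted, added here as an example and not part of the original thread: it scans the text of a regedit export for SYS32 as a stand-alone name and for C:\SYSTEM\EXPLORER.SCR. The function names, the token-matching rule, the string-values-only scope and the sample export are assumptions constructed for illustration.

```python
import re

# Indicators come from the post above; the matching rules are this example's assumptions.
SYS32_TOKEN = re.compile(r"(?<![A-Za-z0-9])SYS32(?![A-Za-z0-9])", re.IGNORECASE)
EXACT_PATH = r"C:\SYSTEM\EXPLORER.SCR"  # compared case-insensitively (assumption)
KEY_LINE = re.compile(r"^\[(.+)\]$")
QUOTED = r'"(?:[^"\\]|\\.)*"'
VALUE_LINE = re.compile(rf"^(@|{QUOTED})=(.*)$")
# Constructed sample export; value names and file names are made up for the demo.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Constructed1"="C:\\WINDOWS\\TEMP\\SYS32\\example.exe"
"Constructed2"="C:\\SYSTEM\\EXPLORER.SCR"
"SystemTray"="C:\\WINDOWS\\SYSTEM32\\systray.exe"
"Audio"="C:\\WINDOWS\\MSSYS32.DLL"
'''

def unescape(quoted):
    """Drop the surrounding quotes of a .reg string and undo its backslash escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])

def reasons(text):
    """Return the indicators found in text."""
    hits = ["SYS32"] if SYS32_TOKEN.search(text) else []
    return hits + (["EXPLORER.SCR"] if EXACT_PATH.lower() in text.lower() else [])

def find_suspect_entries(reg_text):
    """Return (key, value_name, data, reasons) for string values to review by hand."""
    found, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            if reasons(key):
                found.append((key, None, None, reasons(key)))
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
        data = unescape(m.group(2)) if re.fullmatch(QUOTED, m.group(2)) else ""
        why = sorted(set(reasons(name) + reasons(data)))
        if why:
            found.append((key, name, data, why))
    return found

if __name__ == "__main__":
    print(*find_suspect_entries(SAMPLE), sep="\n")
```

Pass it the text of a registry export, read with the encoding the export was saved in. It only reports matches, so the backup and each deletion remain a manual decision.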

  EazyRobbo 09:10 03 Aug 2003

Hi thanx for your help so far but I have made a mistake, the error is actually in System32.exe not sys32.exe, sorry for my mistake.
The virus is also called Backdoor.sdbot, Norton keeps saying repair failed.

I have a Firewall and it was trying to access the internet so I blocked it from doing so....

I hope this further information will be of any help

Thank you so much again

  soy 09:42 03 Aug 2003

Backdoor.sdbot.F click here

Backdoor.sdbot.H click here

  EazyRobbo 10:30 03 Aug 2003

Thanx everyone who replied, as you can probably tell I am a bit of a novice but now thanx to you all I am rid of my virus and able to sleep again!

