Help with Backdoor.Win32.SdBot.gen removal



Pete7874
2007-01-03, 22:33
My dad's PC (Win XP Prof SP2) seems to be infected with Backdoor.Win32.SdBot.gen, although it is only reported by Spybot S&D, and not by Ewido/AVS Anti-Spyware or Microsoft Malicious Software Removal Tool. However, I do believe there is something going on - something is always preventing Windows Firewall from starting after a reboot/restart.

This is what Spybot finds and reports as 'fixed':
http://i34.photobucket.com/albums/d102/escape2music/misc/backdoor2.png

However, it doesn't actually get fixed. The next time I scan with Spybot, the same problems reappear. I tried switching off System Restore before the removal - no help. Also, when scanning with Spybot in Safe Mode, those problems do not get detected. They only show up in normal Windows mode.

Why can't Spybot get rid of this permanently? Is there a fix for this? Can I just try to manually remove the two registry keys that are listed in the Spybot window I linked above?

I also tried this:
http://www.spywaredb.com/remove-backdoor-win32-sdbot-gen/

But none of the processes, files, and registry entries listed in those instructions are on the computer to begin with.

Thanks.

Pete

tashi
2007-01-03, 22:41
Hi Pete.

Let's take a closer look at this.

Please follow the procedure in this link: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
Skip the Spybot-S&D part as you have already done that.

Start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted, a helper will advise you as soon as available.

Cheers. :)

Pete7874
2007-01-04, 01:20
Thanks. I did as you requested:
http://forums.spybot.info/showthread.php?t=10189