Virus

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Just recently my laptop has been infected with the Backdoor.sdbot.gen virus.
While my virus program has deleted the affected programs some of them must be
restored and I am on the road on a extended trip and unable to do so. The
infection occurs on a daily basis, many times a day even though Norton
firewall is turned on so I am assuming something internally is triggering the
generation of the corruption or an intruder is going around the firewall. The
most frequent files being deleted are wincon0-9.exe which indicates that what
ever is generating them contains the corrupt code. Does anyone have a
solution?
--
--
Mr Hal

 

[Malke]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Mr Hal wrote:

> Just recently my laptop has been infected with the Backdoor.sdbot.gen
> virus. While my virus program has deleted the affected programs some
> of them must be
> restored and I am on the road on a extended trip and unable to do so.
> The infection occurs on a daily basis, many times a day even though
> Norton firewall is turned on so I am assuming something internally is
> triggering the generation of the corruption or an intruder is going
> around the firewall. The most frequent files being deleted are
> wincon0-9.exe which indicates that what
> ever is generating them contains the corrupt code. Does anyone have a
> solution?

Your computer is not clean. Go through the following malware removal
steps, doing everything with updated tools in Safe Mode:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Mr Hal" <MrHal@discussions.microsoft.com> wrote in message
news:7609F442-0CCC-4DB5-9364-D7F7DDE761EC@microsoft.com...
> Just recently my laptop has been infected with the Backdoor.sdbot.gen
> virus.
> While my virus program has deleted the affected programs some of them must
> be
> restored and I am on the road on a extended trip and unable to do so. The
> infection occurs on a daily basis, many times a day even though Norton
> firewall is turned on so I am assuming something internally is triggering
> the
> generation of the corruption or an intruder is going around the firewall.
> The
> most frequent files being deleted are wincon0-9.exe which indicates that
> what
> ever is generating them contains the corrupt code. Does anyone have a
> solution?
> --
> --
> Mr Hal

First, go to www.ccleaner.com and get ccleaner.exe. Install it and let it
run to delete all contents of temporary files and temporary internet files
folders. This is a primary place for these to launch from.

Then, you'll need to go through the contents of the \windows and
\windows\system32 folders searching for files that shouldn't be there.
You may need to go to a command prompt and look for hidden files - it's not
uncommon for viruses and trojans to hide themselves this way. Dir /ah will
show hidden files, and as many of these also get set to system, you'll then
need to use the attrib command (attrib filename.ext -s -h) to render them
deletable.

Also, go to http://housecall.trendmicro.com and run that; this will find a
variety of spyware and trojans and remove it. It'll also identify infected
files and their locations, so if necessary you can restart in Safe Mode with
this information and manually delete (or change the extensions) the files.

HTH
-pk