Spyware and Malware Removal

 
Recent Posts
Free Scanners
How to Prevent Spyware
Spyware and other unwanted software can invade your privacy, bombard you with pop-up windows, slow down your computer, and even make your computer crash. Here are several ways you can help protect your computer against spyware and other unwanted software. more >>
Microsoft Security Updates
As part of Microsoft's routine, monthly security update cycle, today we released two new security updates. more >>
Protecting Your Computer
Here are 4 basic steps to protect your computer against attacks and threats. more >>
Minimizing the Risk
Using Internet communication tools such as chat rooms, e-mail, and instant messaging can put children at potential risk of encountering online predators. more>>

W32/Sdbot.worm - Exploit MS05-039

Monday, May 29, 2006
Overview:
W32/Sdbot.worm is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics:
In typical Sdbot evolutionary fashion, MS05-039 exploit code has been added to the Sdbot virus family. The same activity happened around DcomRPC, LSASS, and a host of other common vulnerabilities. This description covers the initial MS05-039 flavored Sdbot. At least one other MS05-039 exploiting Sdbot variant is known to exist, and at least 3 other SVKP repacks are also known. Like many Sdbots, certain functionality is only activated upon receiving the appropriate command from a BOT commander. If the bot is unable to connect to the hard coded server/channel, that functionality would not be executed.

Files and process known to be related to W32/Sdbot.worm are:
1. pnpsrv.exe

Symptoms:
Files DcomRPC and LSASS error.

Source: MCAfee Threat Center

MCAfee Users Removal: click here

Manual Removal:
1. Download Ewido and save to your desired location.
2. Install Ewido and download all necessary updates.
3. Reboot your computer in SafeMode.
- Press F8, after the power was turned on
- Select Safe Mode from selections menu

4. Run a full scan and delete infections that are detected.

note:If you are using Windows XP, proceed with these steps, Windows9x and ME please skip.

5. Reboot computer in SafeMode with Networking
- Press F8, after the power was turned on
- Select Safe Mode with Networking from selections menu

6. Connect to internet and scan with the following online scanners:
Trendmicro Housecall
Symantec Security Check
BitDefender Online Scanner

If Unable to Browse Internet, Fix the Damaged with:
Fix For XP Winsock
Internet Explorer Fix
posted by hitech-leiza @ Monday, May 29, 2006  
0 Comments:
Post a Comment
<< Home
 
Free Stuff

Ads
Sidebar
Archives
Powered by

Free Blogger Templates

BLOGGER

© Spyware and Malware Removal Template by Isnaini Dot Com