A friend’s pc was infected with the irc/backdoor.sdbot trojan recently and I cleaned it out – eventually.
This is a tricky little trojan which hides in the System Volume folder (where the System Restore info is held) as well as the Windows/Winnt folder.
Killing the trojan using anti-virus software only gets rid of it until the next re-start. The way to get rid of this one is to turn off the System Restore service by opening the Services MMC in the Administrative Tools folder, right-clicking the System Restore service and selecting stop.
Having stopped the System Restore service, it is now possible to kill this virus permanently using your favourite anti-virus software or preferably a combination of av software. In this case, I used AVG and Stinger to be sure all infections were gone.
Don’t forget to re-start this service once you are done!
I’ve done what this says- does this mean I can restart my system restore centre? Or should I leave it off…? Please reply.
Mary,
you should be able to start it again.
I deleted it, then restarted my computer- but it’s still there! This is really frustrating! I deleted it with XoftSpy- and ran AVG, but it’s still there! Any other tips? When I had trouble before, I ran Ghost, but I don’t really want to do that again… Help?
use noton or panda platinum 2006 wickh will kill the virus NEVER USE MCAFEE
I have backdoor.sdbot on a work pc which Norton is unable to delete (it is located in system 32). I have also tried many other guides and nothing seems to work.
Spysweeper seemed to find the trojan and delete it, but it came straight back.
Now I am going to try Xoftspy and Spysweeper in safe mode, then turn off system restore for the reboot (in case it is hiding there).
It’s crazy, none of the major antivirus utilities can 100% claim to get rid of the virus.
You must also turn off the system restore under the my documents then go to properties, check the box that says turn off system restore….make sure to apply….now restart the computer….works like a champ
I tried the advice above but not it won’t let me put the system restore back on … I get the following message:
“System Resore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again.”
I get the same messagwe when i restart and try again. Any advice?
Now this seems like a really clever Trojan. What does it do?
THIS IS SOLUTION FOR XP PRO NTFS USERS
START-MY COMPUTER-TOOLS-VIEW-CHECK “SHOW HIDDEN FILES AND FOLDERS”-UNCHECK “HIDE PROTECTED OPERATING SYSTEM FILES”-UNCHECK “USE SIMPLE FILE SHARING”-APPLY-OK.
MY COMPUTER-C:-RIGHT CLICK system volume information-PROPERTIES-SECURITY-ADD-TYPE YOUR WINDOWS LOG ON NAME-OK-CHECK “FULL CONTROL”-APPLY-OK
RIGHT CLICK system volume information-RENAME AS “system volume information2”
REBOOT COMPUTER
First download an reliable anti-spamware and also try to doiwnloads the latest updates to make sure of its reliablity