Bloodhound.Path - Spybot S&D - Help!

  igr 22:41 14 Oct 04
Locked

After tonights update I ran Spybot and it found the above Trojan, linking it to an entry in the registry executing a file called winapp.exe.in WINNT/System32 When clicking on 'fix it' my computer crashed. Keeps on doing it.

Has anyone come across this Trojan (if it is one)
Is it a result of the updates?
Is it a false positive relating to Spywareblaster?
Is the said file a kosher one?
How do I get rid of it if Spybot S&D keeps causing a crash when trying to fix it?

  CurlyWhirly 23:15 14 Oct 04

I had the same trojan (well 3 entries really) and the only way I was able to get to it was to use System Restore.
What happened was when visiting an external link (i.e. not the PCA forum) my PC crashed and I couldn't get online again and after running PestPatrol this couldn't delete them as I had an 'access is denied' error.
There was also reference to a Kernel32/system file as explained at click here


I also noticed that while trying to log on to my ISP the program kept freezing with the error 'The program is not responding'.

  Dan the Confused 23:26 14 Oct 04

Run your AV (fully updated) then follow the registry fix described at click here

  igr 23:35 14 Oct 04

Yes it is a similar problem - I have now tracked the Trojan (it appears to be Backdoor.Win32.sdbot.gen and it is resident in WINNT\System32\winapp.exe and payload.dat

System restore? I am a W2K O/S

  stalion 23:41 14 Oct 04
  igr 23:51 14 Oct 04

Yes MWAV finds them but then suggests I buy the program to clean the files. Wonder why non of the other programs find and clean these files?

  stalion 23:53 14 Oct 04

the program is free you download it to your computer and it not only finds them it will automatically delete them.Are you running it from the site?

  igr 23:58 14 Oct 04

Downloaded again and it has now renamed the infected files - guess I can delete these now?

  stalion 00:01 15 Oct 04

NO just leave them they are safe now they are re-named because they are possibly needed by windows

  igr 00:43 15 Oct 04

reloaded Spybot S&D and ran it again. No problems, the renaming of the Trojans by MWAV seems to have done the trick. Now all I need to get clear in my mind is what the Backdoor.w32.sdbot.gen trojan has been up to or what damage has been done?

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…