Sys32 virus

  EazyRobbo 23:57 02 Aug 03

PLEASE CAN SOMEONE HELP ME...

I have recently been downloading wrestling video files from Kazaa. I needed a codec to play them so downloaded one called Nimo codec pack. It turned out to be a virus that Norton could not fix. I quarantined it and deleted it from the quarantine folder, but since then I have done a virus scan and the same virus is in my sys32.exe file. Norton can't fix it and I can't delete the file....
WHAT DO I DO??
Thanx for your help

Stephen

  Forum Editor 00:06 03 Aug 03

(as if we needed one) of the perils of downloading material from a total stranger's computer via Kazaa.

The Nimo codec pack itself is not a virus as you thought - it's a collection of codecs produced by many different people. Nimo themselves warn you that they can't be responsible for any bugs in the individual codecs. If you have a virus infection it was obviously included in the download, so please post back with details of the actual virus message you're getting from Norton, and I'm sure we'll be able to help.

Next time I suggest that you go out and pay for the videos - it may work out cheaper in the long run.

  JIM 00:25 03 Aug 03

If you have KAZaA, you may have the Benjamin virus. To see if you have it, go to C:\Windows\Temp. Look for the folder "Sys32". If it is not there, do a search on your computer for "SYS32". If you have this folder, you may have the virus.



There are a few things that you will need to do. 1st you will need a recent (updated) version of Norton Anti-Virus.

2nd you will need to manually edit the registry. I recommend that you back up the registry in case you accidentally delete something that you shouldn't have.
Click on the following link (or copy and paste it into your browser). There are detailed instructions to help you back up your registry.

click here


If you have KAZaA, you may have the Benjamin virus. To see if you have it, go to C:\Windows\Temp. Look for the folder "Sys32". If it is not there, do a search on your computer for "SYS32". If you have this folder, you have the virus.


1. Reboot the computer in SAFE-MODE. (This will prevent the program that is running the virus from starting up.)

2. Once the computer boots in safe mode, click START → RUN and type SYS32.

3. When you see the file SYS32, delete the entire folder.

4. Empty your recycle bin.

5. Click START → RUN and type REGEDIT.

6. When the Registry Editor pops up, click Edit → Find and type SYS32.

7. Whenever you see anything that contains SYS32 (do not mistake this for SYSTEM32!!), click DEL on your keyboard.

8. Hit the F3 key on your keyboard to continue searching and delete all entries that contain SYS32. This may take a long while depending on how many programs are installed on your computer.

9. DO NOT REBOOT THE COMPUTER YET!

10. Once you are done you will need to repeat steps 6 thru 9, finding the entry C:\SYSTEM\EXPLORER.SCR

11. Delete every entry that contains the exact string C:\SYSTEM\EXPLORER.SCR

12. Once you are done searching the registry, you will need to perform a full system scan using an updated Anti-Virus program.

MAKE ABSOLUTELY SURE THAT YOU PERFORM ALL OF THE ABOVE STEPS IN "SAFE-MODE". If you reboot the computer and you have missed a file, the virus will regenerate itself and you will have to restart the procedures from scratch.



I know this sounds like a lot but it took me 2 days to fully contain this virus. This is because I made the mistake of rebooting the computer in normal before performing a full system scan using Norton. The virus will "WAKE UP" if you don't complete all the steps in safe mode.

13. Reboot the computer in Normal and get rid of KAZAA.
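
An added example, not part of the original post: a read-only pass over a registry export that lists every key or string value containing the two strings named in steps 6 to 11, so the matches can be reviewed before anything is deleted in REGEDIT. It assumes the registry was exported to a REGEDIT4 text file; the sample export, its key and value names, and the function names are constructed for illustration.

```python
import re

# Indicators named in the post above; compared case-insensitively.
INDICATORS = ("sys32", r"c:\system\explorer.scr")

# Constructed sample in REGEDIT4 export format (not taken from a real machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="C:\\WINDOWS\\SYSTEM32\\systray.exe"
"Updater"="C:\\WINDOWS\\TEMP\\Sys32\\update.exe"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"="C:\\SYSTEM\\EXPLORER.SCR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Sys32]
@="placeholder"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data doubles backslashes and escapes quotes; undo that
    # so a path indicator typed with single backslashes can match.
    return re.sub(r'\\(.)', r'\1', s)

def find_indicators(reg_text):
    """Return (key, value_name, data, indicator) tuples for manual review."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            for ind in INDICATORS:
                if ind in key.lower():
                    hits.append((key, None, None, ind))
            continue
        m = VALUE_RE.match(line)
        if m and key:  # string values only; hex/dword data is skipped
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = unescape(m.group(2))
            for ind in INDICATORS:
                if ind in name.lower() or ind in data.lower():
                    hits.append((key, name, data, ind))
    return hits

if __name__ == "__main__":
    for key, name, data, ind in find_indicators(SAMPLE_REG):
        print(f"{ind!r}: [{key}] {name} = {data}")
```

The legitimate SYSTEM32 path in the sample is not reported, and the EXPLORER.SCR path is found only because the doubled backslashes of the export format are unescaped first.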

  EazyRobbo 09:10 03 Aug 03

Hi thanx for your help so far but I have made a mistake, the error is actually in System32.exe not sys32.exe, sorry for my mistake.
The virus is also called Backdoor.sdbot, Norton keeps saying repair failed.

I have a firewall and it was trying to access the internet so I blocked it from doing so....

I hope this further information will be of any help

Thank you so much again

  soy 09:42 03 Aug 03

Backdoor.sdbot.F click here

Backdoor.sdbot.H click here

  EazyRobbo 10:30 03 Aug 03

Thanx everyone who replied, as you can probably tell I am a bit of a novice but now thanx to you all I am rid of my virus and able to sleep again!

Thanx

This thread is now locked and can not be replied to.
