rootkit woes

dbstone · 01-29-2007, 07:48 PM

Hi,

Can anyone help?

I had to reinstall windows xp to clear up a problem left over from a spyware program. I had been cleared of spyware by the hijack this people and trend pc cillin found no viruses, etc. After reinstall I only went to these websites: firefox, earthlink, trend micro cillin. I redownloaded pc cillin and ran it. It found a worm: sdbot.dyx and said it was in winsvc.exe and could not be removed or quarantined.

I printed out the instructions on their website to remove the virus manually, but first tried reinstalling windows again. (Yes, a real reinstall, by removing the old partition, etc...). Still, I had the virus, which caused pop-up windows trying to get me to connect to suspicious websites, slowing down my computer, and kicking me off the internet when I tried to download protective features, such as windows updates and trend pc cillin (the second time).

I've tried following their instructions for removal which involved going into the edit registry and deleting files with winsvc.exe. I found none.

I've tried calling trends tech support, who were not too helpful. I was told if I couldn't find those files then I must not have a virus...

I've tried running pc cillin again to see if the virus is still there and the program won't scan for virus'. It gets stuck.

How can I get rid of this *&%*&^(*** thing?

**POADB** · 01-30-2007, 05:30 AM

Hi dbstone

The best thing you can do is revisit the HJT Help Forum with a new HJT log and the details you have posted above. The Security Team are trained in this type of detection and removal.

G'luck

01-29-2007, 07:48 PM	#1 (permalink)
dbstone Registered User Join Date: Oct 2006 Posts: 79 OS: winxp	rootkit woes Hi, Can anyone help? I had to reinstall windows xp to clear up a problem left over from a spyware program. I had been cleared of spyware by the hijack this people and trend pc cillin found no viruses, etc. After reinstall I only went to these websites: firefox, earthlink, trend micro cillin. I redownloaded pc cillin and ran it. It found a worm: sdbot.dyx and said it was in winsvc.exe and could not be removed or quarantined. I printed out the instructions on their website to remove the virus manually, but first tried reinstalling windows again. (Yes, a real reinstall, by removing the old partition, etc...). Still, I had the virus, which caused pop-up windows trying to get me to connect to suspicious websites, slowing down my computer, and kicking me off the internet when I tried to download protective features, such as windows updates and trend pc cillin (the second time). I've tried following their instructions for removal which involved going into the edit registry and deleting files with winsvc.exe. I found none. I've tried calling trends tech support, who were not too helpful. I was told if I couldn't find those files then I must not have a virus... I've tried running pc cillin again to see if the virus is still there and the program won't scan for virus'. It gets stuck. How can I get rid of this &%&^(*** thing?

01-30-2007, 05:30 AM	#2 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,209 OS: XP SP2	Hi dbstone The best thing you can do is revisit the HJT Help Forum with a new HJT log and the details you have posted above. The Security Team are trained in this type of detection and removal. G'luck __________________