How do I remove these viruses? High points offered

bkdr sdbot.05.b c:\winnt\system32\afdx.exe c:\winnt\system32\afdx.exe
bkdr sdbot.05.b c:\winnt\system32\file.exe c:\winnt\system32\file.exe
bat spybot.a c:\winnt\system32\ipcpass.dic
bkdr ircbot.gen c:\winnt\system32\system1.exe

The OS is Windows 2000 Advanced Server. The viruses above were found by a Norton scan, which reports that they cannot be cleaned.
Experts, please help.
---------------------------------------------------------------

BKDR_SDBOT.05.B

Risk rating:
Malware type: Backdoor
Destructive: Yes

Aliases:
SDBOT.05

Description:
This backdoor is a configurable Internet Relay Chat (IRC) bot.

Once active on an infected system that is connected to the Internet, this backdoor malware connects to a specific Internet Relay Chat (IRC) server and joins the infected user to a channel there. In the IRC channel, the malicious user can send commands in the form of private messages for the backdoor to process on the infected system.

This backdoor malware compromises network security and works on Windows 95, 98, NT, 2000, ME and XP systems.

Solution:

AUTOMATIC REMOVAL INSTRUCTIONS

To automatically remove this malware from your system, please use the Trend Micro System Cleaner.

MANUAL REMOVAL INSTRUCTIONS

Identifying the Malware Program

To completely remove this malware from your system, you must first identify the running malware program. Once identified, it can be terminated, and then removed.

Scan your system with Trend Micro antivirus and NOTE all files, including their paths, detected as BKDR_SDBOT.05.B. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.

Terminating the Malware Program

This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

1. Open the Windows Task Manager.
   On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC.
   On Windows 9x/ME systems, certain processes are not visible in the Task Manager. Use a third party process viewer to view and terminate the malware process.
2. In the list of running programs, locate the malware file that matches the filename that you noted earlier.
3. Select that matching file, and then press either the End Task or the End Process button, depending on the version of your Windows. Note that for Windows NT/2000/XP, the list of running processes is located under the Processes tab.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.

*NOTE: On systems running Windows 9x/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup. You will need the name(s) of the file(s) detected earlier.

1. Open your Registry Editor. Click Start>Run, type REGEDIT then hit the Enter key.
2. In the left panel, double click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry or entries whose data value (in the rightmost column) is the malware file(s) detected earlier.
4. In the left panel, double click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
5. In the right panel, locate and delete the entry or entries whose data value (in the rightmost column) is the malware file(s) detected earlier.
6. Close the Registry Editor.

NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as BKDR_SDBOT.05.B. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.

Additional Windows ME/XP Cleaning Instructions
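
The registry check from the "Removing Autostart Entries from the Registry" steps above, as an added example that is not part of the original thread or of Trend Micro's instructions: it parses a regedit text export and lists the Run and RunServices entries whose data launches one of the executables named in the scan output. The sample export and its value names are constructed, and the function and variable names are hypothetical.

```python
import re

# Executable names taken from the scan output in the question.
DETECTED = {"afdx.exe", "file.exe", "system1.exe"}
# The two autostart keys named in the removal steps.
AUTOSTART_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}

# Constructed sample export; every value name below is made up for illustration.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BenignSample"="notepad.exe /example"
"SampleValue1"="C:\\WINNT\\system32\\afdx.exe"
"SampleValue2"="\"c:\\winnt\\system32\\FILE.EXE\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SampleValue3"="system1.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SampleValue4"="c:\\winnt\\system32\\afdx.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def find_autostart_hits(reg_text, detected=DETECTED):
    """Return (key, value name, data) for autostart entries that launch a detected file."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in AUTOSTART_KEYS:
            continue
        # .reg string data escapes backslash and double quote with a backslash.
        name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
        # Compare the base name of every token so paths, quotes and arguments do not hide a match.
        tokens = re.split(r'[\s"]+', data.lower())
        if any(t.rsplit("\\", 1)[-1] in detected for t in tokens):
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_autostart_hits(SAMPLE_REG):
        print(f"{key}\n    {name} = {data}")
```

On the affected server the input would be a regedit export of the two keys; a "Windows Registry Editor Version 5.00" export is UTF-16 and has to be decoded before it is passed in.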
