Backdoor.sdbot

[Ted]

Hi,

I've got a virus called backdoor.sdbot attached to my
system32.exe. Everytime I start up windows, it tells me
that the system32.exe is missing. However, I know for a
fact that the system32.exe is being quarantined by Norton
Antivirus. Norton cannot repair the file. How do I get
a new system32.exe?

 

[Doug Knox MS-MVP]

System32.exe is not a valid Windows file. See www.dougknox.com, Win XP Fixes, Clean KWBot Worm Entries.

You can also clean this entry manually by going to Start, Run and entering MSCONFIG Go to the Startup tab and uncheck any entry that references the System32.exe file.

Additionally, you can click Start, Run and enter REGEDIT Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Look in the right pane for any entry that references the System32.exe file and delete it. Also look in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Locate the Shell value in the right pane. It should read "explorer.exe", without the quotes. If it reads anything else, double click this entry and change it to read explorer.exe