Affected by BackDoor.SdBot2.RMI

Status
Not open for further replies.

redhat

Mad and Furious
My computer has been infected with BackDoor.SdBot2.RMI.
I have AVG Antivirus 7.5 with the latest updates. Recently I started getting Threat Detection warnings from AVG. It finds that the file "C:\Windows\System32\eraseme_*****" is infected with the trojan BackDoor.SdBot2.RMI, but a full system scan finds nothing. The file can be healed too, but after around 1 hour it reappears with a new number after the '_'. Please help me with how to remove this infection from the computer.

I did a complete scan of the infected file, with the online scanning of www.virustotal.com. Here are the results I got:

Code:
Aditional Information
File size: 117388 bytes
MD5: b8fc70577502a49e6e4d0bdbff455a32
SHA1: c067abf8d352ec41f5e769bf0f473fb69018f6b8

Code:
Antivirus           Result
AhnLab-V3           no virus found
AntiVir             HEUR/Crypted
Authentium          could be a corrupted executable file
Avast               Win32:Sdbot-4285
AVG                 no virus found
BitDefender         no virus found
CAT-QuickHeal       no virus found
ClamAV              no virus found
DrWeb               BackDoor.IRC.Sdbot.984
eSafe               Suspicious Trojan/Worm
eTrust-Vet          Win32/Petribot.AGX
Ewido               no virus found
FileAdvisor         no virus found
Fortinet            no virus found
F-Prot              no virus found
F-Secure            Backdoor.Win32.SdBot.bdu
Ikarus              no virus found
Kaspersky           Backdoor.Win32.SdBot.bdu
McAfee              W32/Sdbot.worm.gen.m
Microsoft           no virus found
NOD32v2             IRC/SdBot
Norman              W32/SDBot.APKM
Panda               Suspicious file
Prevx1              no virus found
Sophos              no virus found
Sunbelt             no virus found
Symantec            W32.Spybot.Worm
TheHacker           no virus found
UNA                 Backdoor.SdBot.AE0A
VBA32               BackDoor.IRC.Sdbot.984
VirusBuster         no virus found
Webwasher-Gateway   Heuristic.Crypted
 
Remove the file manually or remove it with the virus scanner...

Before removing/scanning, turn off System Restore...
Check this:
*service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
 
OP
redhat

Mad and Furious
I am able to delete the file easily, but it reappears after some time, as if there is some process that does it. I checked, but cannot find any suspicious processes.
 
OP
redhat

Mad and Furious
I turned off System Restore, deleted all existing restore points, and deleted the file manually, without any software. But it reappears again after some time. Please help!
 

abhijangda

Padawan
This is not a system file. So go into Safe Mode and then delete this file with a virus scanner. If system files are infected as well, then repair your Windows and then remove the files.
 
OP
redhat

Mad and Furious
I know that this is not a system file!
Also, please let me remind you that this file can be easily deleted by just pressing the [Del] key. Also, I cleaned my system with CCleaner, but this file reappears again and again!!!
 

anandk

Distinguished Member
In that case you will have to delete some auto-start entries that this sticky worm creates in the registry. I say sticky because this memory-resident worm drops a copy of itself in the Windows system folder as the file WINBIN.EXE, so a plain deletion does not help.

To identify which auto-start entries you will have to delete, click here.

Hope it helps.
 
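As an added example (not code posted by anyone in this thread), here is a read-only PowerShell check for what anandk describes: it enumerates the standard Run/RunOnce autostart keys, installed services and running processes, and reports any entry pointing at the file names mentioned in the thread (System32\eraseme_* and winbin.exe). It assumes PowerShell 3 or later for Get-CimInstance; the file-name pattern is built from the thread and is the only page-specific assumption.

```powershell
# Read-only autostart/process report for the dropped-file pattern described in the thread.
# It reports matches; it does not delete anything.
$suspectPattern = '(?i)\\(eraseme_[^\\"\s]*|winbin\.exe)'   # names taken from the thread

# Standard autostart locations (HKLM = all users, HKCU = current user).
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }            # skip PowerShell's own metadata properties
        if ("$($p.Value)" -match $suspectPattern) {
            $findings += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# A worm can also persist as a service; check the binary path of every installed service.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $suspectPattern } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
    }

# The memory-resident process that keeps re-dropping the file: anything running from a suspect path.
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -match $suspectPattern } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Source  = 'Process'
            Name    = "$($_.Name) (PID $($_.ProcessId))"
            Command = $_.ExecutablePath
        }
    }

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No autostart entry, service or process matched the suspect pattern.' }
```

Run it from an elevated prompt so the HKLM keys and all processes are visible; a match under Process is the candidate for the "some process that does it" described earlier in the thread.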
anandk said:
In that case you will have to delete some auto-start entries that this sticky worm creates in the registry. I say sticky because this memory-resident worm drops a copy of itself in the Windows system folder as the file WINBIN.EXE, so a plain deletion does not help.

To identify which auto-start entries you will have to delete, click here.

Hope it helps.

Scan your system with Norton Antivirus.
 
OP
redhat

Mad and Furious
Hey, thanks anandk, but though the symptoms are the same, the files and registry entries mentioned in that link are not there on my system, i.e., the winbin.exe, the startup entry, etc.
Please help! Please help!
 