worm_sdbot.ayo worm relatively new?

edmundoab

Diamond Member
Apr 21, 2003
3,223
0
0
www.facebook.com
Yep, talking about this worm, I have no idea how it got into my system.
All hope seems gone when I can't even find a cleaning solution for this.

May have to do a clean format as it has done too much damage on my registry :(

Any experts out there who know about this worm? And what can I do to overcome this attack on my PC?

It takes up a lot of system resources and seems to allow viruses into my PC,
of course I have Norton AV, but that doesn't care about the worm in my PC.
TrendMicro can detect and clean it,
however, it must have some activation to reactivate it on every start up,
not even turning off System Restore could help the situation.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
1) what is your Internet connection (cable, DSL, etc.)?

2) do you have a router, or no router? If so, what brand & model is it?

3) do any other computers connect to the Internet using your router, or are you the only one?

4) do you have a software firewall, or no sw firewall? If so, what kind?

5) what version of Windows exactly, XP Home, XP Pro, 2000? What Service Pack?

6) run Microsoft Baseline Security Analyzer: does it ding you for weak/blank passwords, unnecessary services or open shares?
 

mechBgon

BTW I certainly would lean towards a clean installation of Windows, taking these precautions and the ongoing security ones also. But finding the weakness in your existing security strategy is important.

Lately a lot of worms and backdoors are dropped by instant-messaging worms (Kelvir family, for example). If anyone else uses your computer besides you, definitely consider the advice about forcing a Limited account on them, no options.
 

edmundoab

Using ADSL,
now doing a direct connection to the modem as I am having problems configuring the D-Link AirPlus G+ 2.4 GHz Router DI-624+

Modem is a Kasda, don't know if you have heard of this, provided by the ISP.
I'm the only one so far, but I called up the ISP saying that they do not have a built-in hardware firewall on this modem,
guess the ports are always vulnerable to worms and spyware/virus

Using Norton Anti-Virus, Adaware Personal and also Trend-Micro to detect and clean worms from start up
Windows Professional SP1
SP2 gave me a lot of problems with surfing the net, decided to roll back the driver,

Haven't tried the MS Baseline Security Analyzer yet, but I will keep you posted.
 

mechBgon

1) disable the D-Link's wireless feature and do a direct cable connection

2) download the full-file SP2 installer and the Kaspersky 30-day trialware and burn them to CD

3) unplug your computer from your router and modem so it's isolated.

4) reinstall WinXP in isolation, patch with SP2, get your defenses in place, then connect to your router, which should have its wireless feature turned off.

5) update antivirus, reboot if needed, patch Windows, reboot if needed, run Microsoft Baseline Security Analyzer and fix any oversights, particularly open shares and weak/blank passwords.

6) if you do re-enable the wireless access point, max out the security features. If your neighbors can negotiate a connection to the WAP, then their computers can give worms to your computer.

7) to emphasize this: you need strong passwords on your Administrator-class accounts. I would set them to something like edmundboab@AT. Right-click My Computer, choose Manage > Local Users & Groups > Users, right-click each user account and set the password. Wouldn't hurt to change the name of the Administrator account to something else either.


Your problems with SP2 will probably disappear now that you're installing it on a clean WinXP installation. I wouldn't advise directly connecting to your modem under any circumstance.
 

edmundoab

I hope so, I am using a desktop anyway so it is a direct cable connection,
the wireless is for my notebook in case all works well,

of course I have to go one thing at a time.
Thanks for the detailed step by step to follow,
I certainly appreciate it very much and thank you.