Friday 6 November 2009

203.117.91.73 sdra64.exe

My ESET firewall started complaining last night about connections going outbound to the IP address 203.117.91.73.

After a call to ESET, I found out that I had a trojan called sdra64.exe on my machine!

How do you get rid of it?

The guy from ESET first checked for the malware using a program called RootAlyzer. This confirmed the infection. Next he downloaded procexp.exe (Process Explorer) from Microsoft to see what dependencies sdra64.exe had. Using another program called Process Unloader, he then closed the handles to sdra64.exe and to all files located in c:\windows\system32\lowsec. Once this was done, he created a blank executable from Notepad and overwrote sdra64.exe with it, then deleted the lowsec folder.

Finally, in the registry under Windows NT\CurrentVersion\Winlogon, he removed the reference to sdra64.exe from the Userinit value.
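The checks and cleanup steps described above, collected into a PowerShell script as an added example; this is not part of the original post and not the tool ESET used. It assumes (none of this is stated on the page) that the dropped file lives at %SystemRoot%\system32\sdra64.exe, that the Winlogon key is the standard HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, and that a clean Userinit value is just "<system32>\userinit.exe,". The firewall indicator is checked by grepping netstat for the IP from the alert. Run it elevated; without -Clean it only reports.

```powershell
# Added example (not from the original post). Reports the sdra64.exe
# indicators described in the post and, only with -Clean, removes them.
# Assumed (not stated on the page): dropper path, Winlogon key path, and the
# clean Userinit value below.
param(
    [switch]$Clean
)

$ErrorActionPreference = 'Stop'

$BadIp         = '203.117.91.73'                       # IP from the firewall alert
$Sys32         = Join-Path $env:SystemRoot 'system32'
$Dropper       = Join-Path $Sys32 'sdra64.exe'         # assumed location
$LowSec        = Join-Path $Sys32 'lowsec'             # folder named in the post
$WinlogonKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$CleanUserinit = (Join-Path $Sys32 'userinit.exe') + ','   # assumed clean value

$findings = @()

# 1. Live connections to the address the firewall complained about.
foreach ($hit in (netstat -ano | Select-String -SimpleMatch $BadIp)) {
    $findings += "Active connection: $($hit.Line.Trim())"
}

# 2. Dropped files on disk.
if (Test-Path -LiteralPath $Dropper) { $findings += "File present: $Dropper" }
if (Test-Path -LiteralPath $LowSec)  { $findings += "Folder present: $LowSec" }

# 3. Persistence: sdra64.exe referenced from the Winlogon Userinit value.
$userinit = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
if ($userinit -match 'sdra64\.exe') {
    $findings += "Userinit hijacked: $userinit"
}

if ($findings.Count -eq 0) {
    Write-Output 'No sdra64.exe indicators found.'
    return
}

$findings | ForEach-Object { Write-Output "[!] $_" }

if (-not $Clean) {
    Write-Output 'Re-run with -Clean from an elevated prompt to remove them.'
    return
}

# Fix persistence first so nothing re-launches the dropper at the next logon,
# then remove the files. A process still holding the file open (the post used
# Process Unloader to close those handles) will make Remove-Item fail; in that
# case reboot and run again.
Set-ItemProperty -Path $WinlogonKey -Name Userinit -Value $CleanUserinit
Write-Output "Userinit restored to: $CleanUserinit"

foreach ($path in @($Dropper, $LowSec)) {
    if (Test-Path -LiteralPath $path) {
        try {
            Remove-Item -LiteralPath $path -Recurse -Force
            Write-Output "Removed $path"
        } catch {
            Write-Warning "Could not remove ${path}: $($_.Exception.Message). Reboot and re-run."
        }
    }
}
```

The Userinit value is restored rather than edited in place because a hijacked value can carry the malware path in more than one form; if your build of Windows keeps userinit.exe somewhere other than system32, adjust $CleanUserinit before running with -Clean.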

A nasty little beast of a virus, and apparently acquired randomly from visiting a website!
