This is a moving target.

Have observed morphing.

SYS32 item that seemingly does not have
an identifiable fixtool that I can find with
my resources.

Have discovered a remedy that 'tricks' this
SYS32 problem with non-hacking.

Have yet to fully identify the original exposure
date of this critter.

Feedback from within this domain is invited.

NOD32 AntiVirus should be able to clean that one - it's included in the signature file for it!

A very embarrassing response for me to receive.
I rely on NOD32.

SIT: as reported
File C:\WINDOWS\System32\navmgrd.exe is infected with a trojan
IRC/SdBot.AFN.
SIT: Newly reinstalled Zonelabs 4.0 reports that navmgrd.exe is
attempting to act as a server.
SIT: NOD32 reports that it cannot clean this infiltration.
SIT: This is kind of tough!!
SIT: NOD32 has already received a pointed comm from
me on this sit ( always polite ).

Spent time with other issues this past week that seem to point back to
this same item.

NOD32 can't clean it because it's a trojan. Delete instead! There's quite a few other AntiVirus packages which should be able to deal with it, as far as I can determine. I doubt if any of them would clean rather than delete, though.

I trust that we are not both moving too fast for each other.
I repeat, this is a moving target.
Is a morphing item.
Have scanned and observed how quickly it has taken on other
nuances.

heh heh..... Looks like it's me standing still, I reckon. I'll leave this to others more knowledgeable than myself. All I know is NOD32 has never let me down, and I've seen reference to its signature files including mention of this particular trojan.

**** whistles and wanders off, awaiting developments......

:D

That's what I did caperjack.

The Google results indicate NOD32 has included this trojan in their signature files since version V.1.730

NOD32 AntiVirus should be able to clean that one - it's included in the signature file for it!

Traded emails with "SOURCE".
"Source" gave me advice.
Decided to go my own way and had a VERY, VERY, VERY successful resolution
without future compromises.
This was a GREAT learning experience and has given me
a whole new *^killer*^ marketing approach / perspective
on the AV industry. BIGTIME!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!:cool: :cool: :cool: :cool: :cool: :cool:

NOD32 can't clean it because it's a trojan. Delete instead! There's quite a few other AntiVirus packages which should be able to deal with it, as far as I can determine. I doubt if any of them would clean rather than delete, though.

My path of travel on this whole maneuver was creative without hacking skills.
Had to tell 'others' how to do their job as part of the remedy.
We accomplished our 'mission'.:cool: :cool: :cool: :cool: :cool: :cool:

Care to repeat all of that in English?

My path of travel on this whole maneuver was creative without hacking skills.
Had to tell 'others' how to do their job as part of the remedy.
We accomplished our 'mission'. :cool:

Within this hostile ( internet ) environment there are way too many offers of advice ( that's why I am here within this community -- a more stabilizing and educated / user savvy community ).
Friends and I 'built' two custom PCs last year that I use ( the consequences have been BRUTAL in terms of STRESS and massive lost amounts of time in terms of keeping everything flying ).
Along with XP continually morphing.
All of that is the downside.
The upside is that I have gathered deep intel through going back to
whichever "source" I had to deal with.
I have paid a terrific price for the knowledge I now have.
Now I will convert this intel into numerous products that will
have DEEP benefits for users of MS OS's, especially XP users and other MS O/S users well beyond. :cool:

Care to repeat all of that in English?

Meaning??:lol:

NOD32 AntiVirus should be able to clean that one - it's included in the signature file for it!

HMMMM. My AV reported 'resident within memory' cannot delete. That is a responsible reply methinks????:lol:

Methinks a responsible reply would be to report "My AV cannot delete it because it is resident within memory", to which the next response would be:

Boot into 'Safe Mode' and try a scan from there.

Was finally discovered to be accompanied with four RALEKA.A in registry locations.
Translated across from one AV dictionary to another I had BKDR_SDBOT.DP
All ( 5 ) were DEALT with.
Did I earlier say "MORPHING" ??
That is the sit
"Source" and me did a 'timestamp' that fairly indicated its internet inception / introduction.
This thing was lighting up my ZLabs bigtime.
Decided to slam my Zlabs ( total uninstall ) and temp trade it for XP equivalent firewall.
Redownloaded Zlabs.
Treated it like a whore worthy of no trust at all!!!!!!!!!!!!
The rest is all a matter of how anyone wants to have their settings
perform more than adequately!!!!!!!!!!!!
Did the expected protocol exchanges F/Wall wise between the 2.
Unzipped / loaded Zlabs and reinstalled it.
ZLabs then flags me per my settings.

This BKDR.SDBOT then gives me an interesting sit.
BITCH wants to act as a server?????????????? HAAAAAAAAAAA
No F way

Dealt with it. Period.:cool:


:idea: Bad KARMA awaits evildoers who intentionally advance virus issues ( they are simply ADVERTISING their own inadequacies in real life and can benefit from a small amount of learning / understanding that to HELP ANOTHER / OR / OTHERS does not in any way mean any form of DESTRUCTIVE ( DESTROY OR WREAK HAVOC ) behaviour upon other innocents ).
:cool: :idea: = ( COOL IDEA ) Is that there exist certain levels of CREATIVITY.
The LOWEST level of CREATIVITY is to DESTROY ( and all of its ramifications ).
At the higher end of the CREATE / DESTROY scale is the ability to
want to HELP others without any sense of REWARD. Just simply the pleasure of being ABLE TO HELP.

NOD32 can't clean it because it's a trojan. Delete instead! There's quite a few other AntiVirus packages which should be able to deal with it, as far as I can determine. I doubt if any of them would clean rather than delete, though.

With today's hostile environment re AV issues TRUST is a limited commodity
re delete.
We are always responsible for our 'settings'.
NOD32 settings are and do have POTENTIAL.
Depends on how we set the settings!!!!
BLACKSPEAR gives good advice that is very well
accompanied with 'snapshots'.
Definitely of some help for others to read.

This is a READERS forum and so I attempt to
write from and for the readers viewpoint ( only because
that is how we can :idea: collectively move ahead / advance ).

Methinks a responsible reply would be to report "My AV cannot delete it because it is resident within memory", to which the next response would be:

Boot into 'Safe Mode' and try a scan from there.

Are we / do we have egos??
Can't afford one from this end.

What we are dealing with is my sets of observations
and remedies cautiously applied that through this forum may have the
use for others, whoever they may be.

I respect your moderator position and that will stay that way.

What we write that becomes a 'thread' of continuity then has a
value for existing and newer members.

Part of the 'hat' of being a moderator is to be a referee
as well as contributing towards being an overall educator at the same time.

No challenge here.:lol:
