BodyworkeR Thread Starter Joined: Apr 3, 2001 Messages: 76 Hi, I just made a stupid mistake and executed a spam attachment. That's where the other benefit of cpau comes in. To recapitulate: generic detection raised suspicion, a subsequent scan with Scan for suspicious files (HIPS) enabled spotted sdra64.exe. I was then stymied because I couldn't delete the sdra64.exe file.
UPDATE: 03/08/09 I have been noticing a lot of comments about people still having problems getting rid of the sdra64.exe file itself. Ashampoo is the better of the two you listed so that is what I'd suggest you use unless you don't like it for some reason. That's where cpau from joeware comes in. Comments: Moisture: First off, thanks for the info.
This applies only to the original topic starter. Notes: Please note that the name of the file should NOT be used to define if it is legitimate or not. http://www.filehippo.com/download_ccleaner/ Mark: CCleaner is great but registry issues are just one symptom of the infection. Remember to watch out for line-wrap.
Then I changed accounts back to my admin account and here I am posting this. You can prevent further infection in a reasonable time and submit samples to Sophos whilst the majority of people will be unaware of any changes made to their policies. I personally am It is certain that sdra64.exe.rmv should be removed timely once being informed of its existence. Therefore I believe there must be some conflict between AVG8 and Ashampoo Firewall.
Problem persists March 31, 2009 16:46 Re: Update fails #3 Top kateline Novice Join Date: 31.3.2009 Posts: 31 You didn't provide us all the information that we Mal/Generic-L was detected quite a few times already. I also have another method to get back to the AVG 7.5 and uninstall etc ...
sdra64.exe.rmv Information: FileDescription: - LegalCopyright: - ProductName: - ProductVersion: - Company: - FileMd5: be7c0d3f0d6e9234816750a44f725e8c FileVersion: - Memos: - Download sdra64.exe.rmv fix tool. sdra64.exe.rmv is a trojan program which Log on to Windows (on safe mode, don't know if it will work on normal mode). 6. The file is not a Windows system file.
Rename it to sdra64.bla and hit enter. Check that your Windows HOSTS file does not contain an entry for any AVG / Grisoft websites in it... This allows you to repair the operating system without losing data. Modify the Userinit values as stated on this post 8.
I'm not really sure why I didn't restore to the earliest point back then. Thanks dawgg and Baz^^ for all your help, although you didn't solve my problem, I've learnt quite a And here it simply goes... 1. Thereupon sdra64.exe.rmv could be loaded up automatically on every Windows boot. Delete sdra64.exe and clean up the registry entry in WinLogon.
If it has worked, you should see that all you have is C:\Windows\System32\Userinit.exe, Step 5 - Now go to Start > Run > and type C:\Windows\System32\ hit enter. The file "sdra64.exe" has the following possible countries of origin (origin: number of incidents): Russian Federation: 156; China: 8; Italy: 7; Finland: 6; Taiwan: 1; United Kingdom: 1. The following threats are known to be associated with the Go to regedit. 7. The beauty of this is that once SCTUI has been launched you can delete the "temporary" administrator account we created earlier (the one that cpau is using to launch SCTUI) and
Even for serious problems, rather than reinstalling Windows, you are better off repairing your installation or, for Windows 8 and later versions, executing the DISM.exe /Online /Cleanup-image /Restorehealth command. It was running from the user's Application Data folder and locked. I don't really know what to do next so in the meantime I've created a program that constantly ends the iexplore.exe process so it doesn't keep requesting that URL. No I didn't
Say yes. Mostly I was using automated tools instead of looking at which files were causing it. Although I had already got rid of sdra64 before I located this CCleaner... it would have been interesting to see if it picked it up and what it did with it.
But at least I know how to scan suspicious email attachments better now than I did. Reboot your computer, press F8 and select Safe Mode with Networking in the Windows Advanced Options Menu 2. Combination attacks work the best. [Nov 14, 2009] How to remove sdra64.exe yourself - for free Some good technical information but the method is an overkill. But it is more effort and also requires communication and cooperation among the IT groups.
The update problem remains if I then turn off the Ashampoo firewall without a restart. Now that IDEs are available the files are immediately detected. First off, this virus is so-say a keystroke logger, so whatever you do - don't do anything which involves typing passwords or sensitive data until we have removed it. The files in the c:\ drive aren't viruses but they're not needed anyway so I deleted them. When I ran mbr.exe from the c:\ drive using command prompt the following error appeared
Hijackthis found it in HKCU/../run O4 - HKCU\..\Run: [userinit] C:\Documents and Settings\Papa User.YALOV-COMPUTER\Application Data\sdra64.exe and again I couldn't delete it. To purchase the registered version is to give sdra64.exe.rmv more authority to control your computer. Update your antivirus program and run a scan Solution: remove it automatically and easily If you don't have much time or patience to remove sdra64.exe.rmv, you can download and install Spyhunter
Then I rebooted again and went back into the user account. Also, please don't forget to resume the Kaspersky that you paused. Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe coolconnuk 28.11.2009 14:48 ok here's the combo fix log file. Christian:2459 QC 0 21 Apr 2010 3:08 PM Final words: the manipulated userinit.exe is now detected as Troj/Zbot-OA. Once the system comes back up, you'll have to run the Windows SteadyState management tools to more fully configure Windows Disk Protection if you don't want all disk changes discarded with
Hopefully it will work for you too. Surprisingly Windows System File Checker did not complain. The program has no visible window. Upon its installation, the sdra64.exe.rmv virus will immediately insert its malevolent code and files into the system in order to make modifications to the Windows registry.
Thanks for posting this! Where is it located? PrevX found the names of the files, but when I went to pay (yes, I was so frustrated that I was willing to pay), I got a PayPal website that said