
VCD Gear/backdoor.sdbot (trojan)/NAV2K3



I downloaded the latest version of VCD Gear last night, and I wish I could remember the site I got it from b/c here's what happened.

I extract the zip and go to run the vcdgear exe and BAM! NIS and NAV start throwing up all kinds of virus warnings.


This does not make me happy...

But it gets better because I have NAV set to attempt to repair the file then quarantine if unsuccessful. So the initial virus warning window pops up and I click OK, this brings me to the next warning window which tells me it was unable to repair the file. I click OK and instead of telling me it has quarantined the file(s) it takes me back to the first warning window which takes me to the unable to repair window which takes me back to the original warning window and so forth and so on....

So I go to symantec.com for removal instructions and try and follow them, but it turns out they are telling me to remove a file that does not exist. But I press onward and remove the registry entries I am advised to remove. And I'm done? No.

Just to be on the safe side I checked around a bit and found that syscg32.exe is still running in my services (and using 8meg of memory) so I end the process. Done, nope not yet. Just to be really safe I run RegCleaner and what does it find?? About 11 more registry entries.

I go back to symantec.com and continue reading, most of which is useless information that does not pertain to my particular problem until finally at the bottom of the removal instructions it mentions that the syscg32.exe probably does not exist because it was renamed at the time of execution to one of two or more possible names....this finally helped me as I found the last of the files (I hope) that the virus created.

I guess I will also go ahead and mention that even after updating the signatures on Swat It! the app was still unable to locate/eradicate this trojan....

Well anyway, I guess all is well now, nothing detected in the full sysscan by NAV and everything seems to be running smoothly again, I just thought I would share this experience because I have always been a big NAV fan and have always had good luck with it finding/removing virii, but this experience truly made me mad....the help provided by symantec was less than helpful and unless I want to pay phone sex rate for actual support, there is no way to communicate w/ symantec about this except on their feedback section, which I tried and after typing up the whole scenario for them I get an error on sending....

It was frustrating....

Anyway, this trojan is related to irc, so....watch out for it I guess.


Jahya - whoa dude - what a nightmare - glad ya got it sorted.

As far as where you got it from perhaps internet history could help jog your memory.

Also - if you are running System Restore (have it enabled) you may want to delete your past restore points and make a fresh one as the System Volume Information folder is excluded (by default) when you do a system scan. That or you can "unexclude" (is that a word?) that folder and then do a scan of that folder. It is possible to reintroduce virus/trojan by using System Restore!


I used WindowsWasher to remove all my history/cookies and to shred everything by NSA standards (7x), so recovering the internet history to find the site is not an option :(

As for System Restore, it is one of the first things I disable after a fresh format. I find it easier to reinstall Windows than to roll back to a restore point (had a bad experience the one time I did try a sysrestore). But I don't find formatting/reinstalling to be that big a deal as some people do. I've done soooo many format/installs with so many different OS that I can almost format/reinstall and set everything up in my sleep. When I am actually awake and paying attention, I can be back up and running as if nothing ever happened within 2 hours. And seeing as I usually only seem to format about once every 6 months or so, 2 or 3 hours is really not a big deal...
