In this section

• Home
• Support
• Virus disinfection

Online support

• Knowledgebase
• Virus disinfection

Product maintenance

• Downloads and updates
• Documentation
• Software lifecycle

Contact support

• Talk to an expert
• Send a sample
• Email us

Support services

• Overview
• Technical Support
• Professional Services
• Technical Training

W32/Sdbot disinfection instructions

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

Windows 95/98/Me and Windows NT/2000/XP/2003

W32/Sdbot-CAF, W32/Sdbot-DP, Troj/Sdbot-GG, W32/Sdbot-H, W32/Sdbot-HP, W32/Sdbot-IU, W32/Sdbot-KF, W32/Sdbot-L, W32/Sdbot-OV, W32/Sdbot-QC, W32/Sdbot-RY, W32/Sdbot-TW, W32/Sdbot-XC, W32/Sdbot-YI, W32/Sdbot-ZE, W32/Sdbot-ACG, W32/Sdbot-ACK, W32/Sdbot-ADC, W32/Sdbot-AJQ, W32/Sdbot-CZO and W32/Sdbot-DDS can be removed from Windows 95/98/Me and Windows NT/2000/XP/2003 computers automatically with the following Resolve tools.

Note: When disinfecting variants not listed above, use the recovery instructions in the appropriate virus analysis.

Windows disinfector

SDBOTGUI is a disinfector for standalone Windows computers

• open SDBOTGUI
• run it
• then click GO.

If you are disinfecting several computers, download it, save it to floppy disk and run it from there.

After removing the worm you should install the Microsoft patch MS03-039 or, on single computers, update with all relevant security patches from Windows update.

This tool reverses the disabling of the registry editor by W32/Sdbot (by default the registry editor is enabled). Read the release notes in SDBOTSFX.EXE for details.

Note: use SDBOTGUI in Safe Mode when removing W32/Sdbot-XC

Command line disinfector

SDBOTSFX.EXE is a self-extracting archive containing SDBOTCLI, a Resolve command line disinfector for use by system administrators on Windows networks. Read the notes enclosed in the self-extractor for details on running this program.

After removing the worm you should install the Microsoft patch MS03-039 or, on single computers, update with all relevant security patches from Windows update.

This tool reverses the disabling of the registry editor by W32/Sdbot (by default the registry editor is enabled). Read the release notes in SDBOTSFX.EXE for details.

Note: use SDBOTCLI in Safe Mode when removing W32/Sdbot-XC.

Other platforms

To remove W32/Sdbot on other platforms please follow the instructions for removing worms.