
Removal of RisinG / sds2d21.exe / sdsxd.exe


Jonathan Berry

Jan 2, 2009, 6:49:20 PM
Sorry if this is the wrong group, I'm having trouble finding any
group to post to!

At a local (Mexico) Internet Cafe, a program advertised
itself as malware by repeatedly failing. Every time,
Microsoft offered to log the failure: sds2d21.exe

So I knew that something was amiss before I used my USB
memory stick, but there were some web pages that I needed
to view later, offline.

When I put the USB stick in my computer, I noted that the
malware had created an autorun.inf and a phony folder
called "Recycle" (sic) containing the malware. I deleted
both, but ...

The next time I woke the computer from suspend, there was
the dying sds2d21.exe. I was infected!

And a Recycle folder on my c: drive, which I was quickly
able to eliminate. AVG Free would report sdsxd.exe as
malware and shut it down (heal or put in vault didn't make
any difference), but immediately it would reappear. AVG
alone was not able to deal with this malware, which it
described as a Trojan horse Dialer.UVP

There was an associated prefetch (.pf) file, which would
reappear some moments after being deleted.

I discovered that RisiNG.exe
or RisinG.exe in folder Recycle (sic) was associated with this
Trojan. In Process Explorer, I found (Ctrl-F) then deleted
the handles (Rising) and that allowed me to delete
RisinG.exe and the Recycle folder.

For good measure, I deleted all references to RisinG.exe in
the Registry (using regedit). This left any USB drive
self-infecting, but a reboot cleared that up.

YMMV !

I am OK with the idea that putting my USB flash drive in an
infected machine would result in the USB drive becoming
infected. But isn't there a way of putting an infected USB
drive in a friendly computer, in quarantine so that the
infection doesn't spread? In the old days, we'd call it
"DOS". I have autorun turned off. Am I missing some other
trick?

Also, shouldn't AV programs be able to deal with these sorts of
malware? I was very lucky that the steps I took actually
worked. A little more sophistication in the malware and my
computer would still be infected.

--
Jonathan Berry

David H. Lipman

Jan 2, 2009, 9:13:07 PM
From: "Jonathan Berry" <jbe...@islandnet.com>

| YMMV !

| --
| Jonathan Berry

Turn off AutoPlay/AutoRun on the PC and if you insert infected media it will NOT infect
the PC. Then you would scan the media with your antivirus application. Also you can
enable viewing of Hidden System files and view the possibly infected read/write media for
EXE files and AutoRun.INF and if present, they can be manually deleted.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
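
The manual check described in the reply above (look at the media for EXE files and AutoRun.INF, hidden ones included) as a read-only script. This is an added example, not part of the original thread; the function names, the extension list and the sample autorun.inf contents are assumptions constructed for illustration.

```python
import os
import tempfile

EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Constructed sample; the thread does not show the real file's contents.
SAMPLE_INF = "[AutoRun]\n;comment\nopen=Recycle\\RisinG.exe\nshell\\open\\command=Recycle\\RisinG.exe\n"

def autorun_targets(inf_text):
    """Return (key, command) pairs that an autorun.inf asks Windows to launch."""
    section, hits = "", []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                hits.append((key, value))
    return hits

def triage(root):
    """List launch commands and all executables under root (os.walk also
    returns Hidden/System files). Nothing on the media is executed."""
    report = {"launch": [], "executables": []}
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, errors="replace") as fh:
                report["launch"] = autorun_targets(fh.read())
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                rel = os.path.relpath(os.path.join(folder, name), root)
                report["executables"].append(rel.replace(os.sep, "/"))
    report["executables"].sort()
    return report

def demo():
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Recycle"))
        with open(os.path.join(root, "Recycle", "RisinG.exe"), "wb") as fh:
            fh.write(b"placeholder bytes, not a real program")
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Point `triage()` at the drive letter of the inserted media instead of the temporary folder to review a real stick before opening anything on it.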


Mumia W.

Jan 2, 2009, 11:58:43 PM
On 01/02/2009 05:49 PM, Jonathan Berry wrote:
> [...]

> I am OK with the idea that putting my USB flash drive in an
> infected machine would result in the USB drive becoming
> infected. But isn't there a way of putting an infected USB
> drive in a friendly computer, in quarantine so that the
> infection doesn't spread? In the old days, we'd call it
> "DOS". I have autorun turned off. Am I missing some other
> trick?
> [...]

Was autorun off when you first inserted your USB key (after having used
it at the Internet café)?

Farnak

Jan 4, 2009, 6:55:23 PM

Hey man, I need help deleting this virus!

My computer got infected when I used the USB of my mom. Now I keep
getting Windows errors about the program sds2d201.exe every 5 mins, my
antivirus is McAfee and it marks the file sdsxd.exe as a generic, trojan

I tried the stuff about Block system recovery, start Windows in safe
mode and scan my computer (wasted 8 hours of my pc light because the
virus reappeared after 10 mins of starting Windows normally).
I found a prefetch file with the same name as the virus,
sds2d21.exe-#####.pf file, deleted it too but it reappeared too.

I don't know what to do, I'm getting tired of this "windows error" every
5 mins xD.
Plus I found something, when I analyzed the file sds2d21.exe the scan
never ends, it says that it is analyzing the file #1, and after 1 min
it says it is analyzing the file #1000, so the virus is getting bigger
and bigger every time!

Sorry for my English, I tried my best writing here, please somebody help
me (I'm Mexican so if you could help me in Spanish would be even GREAT)

I didn't do the step of the registry so if anyone can help me with
that, maybe I can delete this virus! Please help me :( most annoying
virus I have ever seen !! :(


--
Farnak
------------------------------------------------------------------------
Farnak's Profile: http://forums.techarena.in/members/farnak.htm
View this thread: http://forums.techarena.in/antivirus-software/1097075.htm

http://forums.techarena.in
