 Remove sdra64.exe virus and delete file
PCTech

Posted: 5/21/2009 12:13:29 PM
Removing sdra64.exe is a little harder than your normal virus removal. The file sdra64.exe is locked by the Winlogon process, and therefore you are not able to delete it by using tools such as HijackThis or IceSword.
 
To remove this virus, please download the following tool from Microsoft/Sysinternals: Process Explorer.
 
Once you have downloaded the tool, open it.
 
1. Press CTRL+F on your keyboard to begin search.
2. Type sdra64.exe
3. Double-click the search result; it should be listed as winlogon with some additional details.
4. On the toolbar select Handle then Close Handle.
    Then you will be able to delete the file. Follow the location listed in the registry. Typically it's going to be C:\windows\system32
5. Delete the sdra64.exe file or rename it.
6. While in the system32 folder delete the folder called lowsec which contains the spyware data. 
7. Restart your computer then open Regedit by going to Start --> Then Run and typing Regedit, then click ok.
8. The registry should look like this
 
 
9. Double click on the Userinit entry and then remove everything after the comma. 
10. Go to Edit then refresh your view to verify that the entry does not come back.
11. Turn off your system restore (under My Computer --> Then Properties) then you can turn it back on.
 
Your system should now be free from this sdra64.exe virus; we still recommend doing a full virus scan to remove any additional files that could potentially be remaining.
 
 Post Id: 39
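
A read-only check of the places the procedure above touches, as an added example that is not part of the original post. It assumes the standard Winlogon key path for the Userinit value; the per-user Run key and the Application Data location are the ones mentioned in replies further down this thread.

```powershell
# Added example: read-only check, changes nothing. Run from an elevated prompt.
# On 64-bit Windows use the 64-bit PowerShell so System32 is not redirected.
$indicator = 'sdra64.exe'                      # file name from this thread
$sys32     = Join-Path $env:SystemRoot 'System32'

# 1. Winlogon Userinit: entries after the first comma are extra programs
#    started at logon (what step 9 of the post removes).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
$entries  = @($userinit -split ',' | ForEach-Object { $_.Trim().Trim('"') } |
              Where-Object { $_ })
$extras   = @($entries | Select-Object -Skip 1)

# 2. Per-user Run key values that mention the file name.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$runHits = @()
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $runHits = @($run.PSObject.Properties |
        Where-Object { $psProps -notcontains $_.Name -and
                       "$($_.Value)" -like "*$indicator*" } |
        ForEach-Object { '{0} = {1}' -f $_.Name, $_.Value })
}

# 3. Locations named in the thread. Test-Path also sees hidden items,
#    which matters for the hidden lowsec folder.
$paths = @(
    (Join-Path $sys32 $indicator),
    (Join-Path $sys32 'lowsec'),
    (Join-Path $env:APPDATA $indicator)
)
$present = @($paths | Where-Object { Test-Path -LiteralPath $_ })

# 4. A Userinit extra whose target is missing is the "registry entry but
#    not the file" case: the entry still needs cleaning up. An entry with
#    arguments or a relative path also lands here; check it by hand.
$orphans = @($extras | Where-Object { -not (Test-Path -LiteralPath $_) })

[pscustomobject]@{
    UserinitValue     = $userinit
    UserinitExtras    = $extras -join '; '
    ExtrasMissingFile = $orphans -join '; '
    RunKeyMatches     = $runHits -join '; '
    PathsPresent      = $present -join '; '
} | Format-List
```

Empty UserinitExtras, RunKeyMatches and PathsPresent fields after a reboot correspond to the state the post's step 10 asks you to verify.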


 RE: Remove sdra64.exe virus and delete file
JoMarrable

Posted: 12/14/2009 3:44:18 PM
Hi, can anyone help me, I have Prevx on my laptop and when it scans it tells me I have this sdra64.exe but when I download the process tool and search for it it doesn't seem to be there?
 Post Id: 41


 RE: Remove sdra64.exe virus and delete file
Darque Dante

Posted: 12/31/2009 10:13:49 AM
What could be going on in your situation, sir, is that you have the registry entry BUT NOT THE FILE, so when you use your AV scanning software it scans through the registry, sees the entry and throws out the flag to warn you of the infection, but not having the file actually present on your machine.
 Post Id: 42


 RE: Remove sdra64.exe virus and delete file
gibbsy999

Posted: 2/5/2010 9:15:03 PM
My account isn't an administrator's and every thread that I find tells you how to deal with this problem on an Admin account. The sdra64.exe file is located in C:\Documents and Settings\Dan\Application Data. This file will not be deleted. I couldn't find it using regedit but did on the Process Explorer, and it wouldn't let me close the handle, saying 'The handle is invalid'. I tried using a software called Remove On Reboot but it remained. Please help.
 Post Id: 43


 RE: Remove sdra64.exe virus and delete file
PCTech

Posted: 3/1/2010 8:55:56 PM
If I understand you correctly, your account is not an administrator account? In a virus removal situation you will want to log in as the administrator to remove it. Try running through these instructions as the administrator on this computer and let me know your results.
 Post Id: 44


 RE: Remove sdra64.exe virus and delete file
Ray

Posted: 3/2/2010 11:39:19 AM
I am having the EXACT same issue, only after this removal it keeps reappearing. Any ideas?
 Post Id: 45


 RE: Remove sdra64.exe virus and delete file
shuang070

Posted: 3/18/2010 1:53:48 PM
You will need the administrator of your system to make you an admin. Login then run regedit Registry: HKEY_Current_User - Software - Microsoft - Windows - Current Version - Run; You will find the entry for sdra64.exe there.
 Post Id: 46


 RE: Remove sdra64.exe virus and delete file
colink

Posted: 3/26/2010 5:59:46 AM
The best instructions ever ... did the job, many thanks
 Post Id: 47


 RE: Remove sdra64.exe virus and delete file
kmanken

Posted: 5/7/2010 1:41:11 AM
i was reading this forum while i was running antivir - the process explorer was open at the same time - i saw sda64.exe and the lowsec folder (hidden) - but the handle disappeared and the files were locked still. i tried opening regedit anyway and change the Userinit entry rebooted and now the sda64.exe and lowsec folder are gone. but i can not change the Userinit entry ... what do you think has happened?
 Post Id: 48


 RE: Remove sdra64.exe virus and delete file
kmanken

Posted: 5/7/2010 2:34:18 AM
i booted in safemode and followed the procedure my machine is clean now. thanks!
 Post Id: 49


 RE: Remove sdra64.exe virus and delete file
NeoRetro10K

Posted: 6/3/2010 12:38:30 PM
I am the administrator on my computer and it still says I don't have permission when I use this solution. I honestly have no clue what is going on.
 Post Id: 53


 RE: Remove sdra64.exe virus and delete file
NeoRetro10K

Posted: 6/3/2010 12:39:12 PM
I am the administrator on my computer and it still says I don't have permission when I use this solution. I honestly have no clue what is going on.
 Post Id: 54


 RE: Remove sdra64.exe virus and delete file
PCTech

Posted: 6/4/2010 7:08:03 PM
NeoRetro10K can you explain at what step in the process you are having the problem?  The more details the better so we can help troubleshoot.  It's possible you may have other rootkits or viruses making the process a little more complicated than normal.

 Post Id: 55


 RE: Remove sdra64.exe virus and delete file
morrison.paula

Posted: 6/18/2010 7:25:52 AM
PLEASE TELL ME I HAVE SDRA64 ON PC AND WHEN I PUT PASSWORD IN IT HAS TO CLOSE DOWN SO HOW DO I FOLLOW INSTRUCTIONS IF IT WONT LET ME DO ANYTHING
 Post Id: 56


 RE: Remove sdra64.exe virus and delete file
ebone

Posted: 6/28/2010 5:09:39 PM
I get a blue screen shortly after I close the handle. Any ideas?
 Post Id: 57


 RE: Remove sdra64.exe virus and delete file
ebone

Posted: 6/28/2010 5:34:57 PM
I got it now! I was trying to stop the wrong handle. Thanks for the great instructions.
 Post Id: 58


 RE: Remove sdra64.exe virus and delete file
naving

Posted: 4/29/2011 5:53:57 AM
Precise instructions followed. Did the trick!
 Post Id: 63

You're welcome to reprint or republish these articles on your website and in your e-newsletter free of charge, provided that you don't change the article in any way and you include the byline (including a link to our website).
In doing so you agree to indemnify PCTech and its directors, officers, employees, and agents from and against all losses, claims, damages, and liabilities that arise out of their use.


Article provided by PCTech Computer Repair Topics



