Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/SdBot-GG

Mar 5, 2004 1:02AM PST

Aliases
W32/Randbot.worm, Backdoor.IRCbot.gen, W32/Randex.gen

Type
Trojan

Description
Troj/Sdbot-GG is a backdoor Trojan which runs in the background as a service process and allows unauthorised remote access to the computer via IRC channels.
The Trojan copies itself to the Windows system folder as CMD32.EXE and creates entries in the registry at the following locations to run itself on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*** and *******
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\*** and *******

The Trojan remains resident, listening for commands from remote users. If it receives the appropriate command the Trojan attempts to copy itself to remote network shares with weak passwords.


http://www.sophos.com/virusinfo/analyses/trojsdbotgg.html

Discussion is locked