Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Sdbot-GN

Mar 11, 2004 12:15AM PST

Aliases
Backdoor.SdBot.gen, W32/Sdbot.worm.gen, W32.HLLW.Donk, BKDR_SDBOT.GEN

Type
Trojan

Description
Troj/Sdbot-GN is a backdoor Trojan which runs in the background as a service process and allows unauthorised remote access to the computer via IRC channels.
Troj/Sdbot-GN copies itself to the Windows system folder as netlogin32.exe and cool.exe and creates the following registry entry so that the Trojan is run when a user logs on to Windows:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft System Checkup = netlogin32.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft System Checkup = netlogin32.exe

The following registry entry will also be created:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
NT Logging Service = syslog32.exe


http://www.sophos.com/virusinfo/analyses/trojsdbotgn.html

Discussion is locked