Troj/Sdbot-GQ

Mar 16, 2004 12:14AM PST

Aliases
Backdoor.SdBot.gd, W32/Cult.worm.gen

Type
Trojan

Description
Troj/Sdbot-GQ is a backdoor Trojan that allows unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
Troj/Sdbot-GQ copies itself to the Windows system folder as F64MGR32.EXE and creates entries in the registry at the following locations to run itself on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

http://www.sophos.com/virusinfo/analyses/trojsdbotgq.html
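A host check for the persistence described in the post above, as an added example that is not part of the original post or of the Sophos analysis. The file name and the two registry keys are taken from the post; the function name `Find-SdbotGqPersistence` and the output fields are hypothetical.

```powershell
# Indicators taken from the post: dropped file name and the two autostart keys.
$IndicatorFile = 'F64MGR32.EXE'
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# Hypothetical helper: returns one object per matching registry value or file.
function Find-SdbotGqPersistence {
    param(
        [string]$FileName = $IndicatorFile,
        [string[]]$Keys = $RunKeys
    )
    $findings = @()

    foreach ($key in $Keys) {
        # RunServices may be absent on a given system; a missing key is not an error.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # -like is case-insensitive, so f64mgr32.exe in any casing matches.
            if ($data -like "*$FileName*") {
                $findings += [pscustomobject]@{
                    Kind = 'RegistryValue'; Location = $key; Name = $name; Data = $data
                }
            }
        }
    }

    # The post says the copy is written to the Windows system folder.
    $path = Join-Path ([Environment]::SystemDirectory) $FileName
    if (Test-Path -LiteralPath $path) {
        # Record a hash so the file can be compared against vendor analysis.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Kind = 'File'; Location = $path; Name = $FileName; Data = $hash
        }
    }
    return $findings
}

Find-SdbotGqPersistence | Format-List
```

An empty result means neither the autostart values nor the file were found under the names given in the post; it does not rule out other variants.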
