Aliases
Backdoor.Spyboter.aw, W32/Spybot.worm.gen.a, Win32/Spyboter.AW, W32.Spybot.Worm, BKDR_SDBOT.GEN
Type
Trojan
Description
Troj/Spybot-AW is an IRC backdoor Trojan which runs in the background as a service process and allows unauthorised remote access to the computer over a network. The attacker may issue commands that instruct the Trojan to attempt to spread using the RPC DCOM vulnerability used by W32/Blaster-A or using the backdoor on machines infected with W32/MyDoom-A.
The Trojan copies itself to the Windows system folder as SVCHOST.EXE and another file with random name and adds to the following registry entries to run itself on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service
Troj/Spybot-AW then logs on to predefined IRC servers and waits for backdoor commands. The Trojan also terminates the following processes: REGEDIT.EXE, MSCONFIG.EXE, TASKMGR.EXE AND NETSTAT.EXE.
http://www.sophos.com/virusinfo/analyses/trojspybotaw.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic