Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/SdBot-AQ

Feb 9, 2004 11:26PM PST

Aliases
Backdoor.SdBot.gen, W32/Sdbot.worm.gen, W32.Kwbot.Worm, WORM_SDBOT.EW

Type
Win32 worm

Description
W32/SdBot-AQ is a peer-to-peer worm that also contains backdoor Trojan functionality.
W32/SdBot-AQ copies itself to the Windows system folder as svchostx.exe and creates entries in the registry at the following locations to run itself on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
System Efficiency Monitor

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
System Efficiency Monitor

W32/SdBot-AQ copies itself to the shared folder of several peer-to-peer networks using enticing filenames.

http://www.sophos.com/virusinfo/analyses/w32sdbotaq.html

Discussion is locked