Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Sdbot-GO

Mar 15, 2004 4:00AM PST

Aliases
W32/Sdbot.worm.gen, Backdoor.IRCBot.gen

Type
Win32 worm

Description
W32/Sdbot-GO is a backdoor Trojan and network-aware worm which runs in the background as a service process and allows unauthorised remote access to the computer via IRC channels.
W32/Sdbot-GO copies itself to the Windows system folder as dosin.exe and creates the following registry entry so that the Trojan is run when a user logs on to Windows:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Auto Start
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Auto Start
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Auto Start
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Auto Start
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Auto Start


More: http://www.sophos.com/virusinfo/analyses/w32sdbotgo.html

Discussion is locked