Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/SdBot-W

Feb 2, 2004 12:07AM PST

Aliases
Backdoor.SdBot.gen, W32/Sdbot.worm.gen, BKDR_SDBOT.GEN

Type
Win32 worm

Description
W32/SdBot-W is a worm that attempts to spread to remote shares which have weak passwords. The worm also allows unauthorised remote access to the computer via IRC channels.
W32/SdBot-W copies itself to the Windows system folder as ADVAP.EXE and creates entries in the registry in the following locations to run itself on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices


http://www.sophos.com/virusinfo/analyses/w32sdbotw.html

Discussion is locked