Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Win32.SXTBot

by Marianna Schmudlach Mar 24, 2004 2:42PM PST

Detection Published: March 21, 2004
Description Modified: March 25, 2004
Category: Win32
Also known as: Backdoor.IRCBot.gen (Kaspersky), W32/Sdbot.worm.gen (McAfee)

SXTbot is an increasingly large family of IRC-controlled worms that contain backdoor functionality. This analysis describes the general behaviour of this family of worms.

Members of this family generally install themselves into the %System% directory. Filenames used by the worm vary, however, Computer Associates antivirus research teams have seen the following filenames used recently in the wild:

LSASS32.exe
CfgDll32.exe
Spoolsvc32.exe
WinSvc32.exe
Spoole32.exe
Microms.exe
CMST32.exe
Intspvc.exe

The file is generally around 110kb in size.

More:http://www3.ca.com/threatinfo/virusinfo/virus.aspx?id=38649

Discussion is locked

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info