W32/Sdbot-OP is a worm which spreads via network shares.
When first run the worm will create a copy of itself named ntsys32.exe in the Windows System folder and create the following registry entries to ensure that the copy is run every time Windows starts:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Configuration = ntsys32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Configuration = ntsys32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Configuration = ntsys32.exe
W32/Sdbot-OP searches for shared folders with weak passwords and copies itself to the Windows System folder of a vulnerable computer as ntsys32.exe.
The worm includes backdoor functions which can be controlled by a remote attacker over IRC.