When first run Troj/Sdbot-DPF will copy itself to the Windows system folder as mslsrv32.exe and sets the following registry entries to ensure it is run at system logon:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup <Windows>\mslsrv32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Microsoft Driver Setup <Windows>\mslsrv32.exe
Troj/Sdbot-DPF may attempt to exploit the following Vulnerability:
SRVSVC (MS06-040)