Troj/Sdbot-Z

Category:	Viruses and Spyware	Protection available since:	22 Aug 2003 00:00:00 (GMT)
Type:	Trojan	Last Updated:	22 Aug 2003 00:00:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Sdbot-Z is a backdoor Trojan which allows a remote intruder to access and control the computer via IRC channels.

Troj/Sdbot-Z joins a specific channel on an IRC server and then runs continuously in the background as a service process, listening on the IRC channel for specific commands and carrying out the appropriate actions.

When first run the Troj/Sdbot-Z drops a copy of itself to the Windows system folder with the filename svchosts.exe and creates the following registry entries so that this file is run on Windows startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\
Run\ svchosts="svchosts.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\
RunServices\ svchosts="svchosts.exe"

Try Sophos products for free
Download now

Troj/Sdbot-Z

Free Mac Anti-Virus

Popular topics