W32/SdBot-DPG

Category: Viruses and Spyware Protection available since:03 Nov 2009 05:19:30 (GMT)
Type: Win32 worm Last Updated:03 Nov 2009 05:19:30 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/SdBot-DPG is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorized remote access to the infected computer via IRC channels while running in the background as a service process.

W32/SdBot-DPG copies itself to the Windows system folder as explorer.exe or algs.exe and creates entries in the registry at the following locations to run itself on system startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

W32/SdBot-DPG may exploit the following vulnerabilities to spread to remote network shares:
LSASS (MS04-011)
SRVSVC (MS06-040)
RPC-DCOM (MS04-012)
PNP (MS05-039)

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy