W32/Sdbot-DOR

Category: Viruses and Spyware Protection available since:11 May 2009 20:17:46 (GMT)
Type: Win32 worm Last Updated:11 May 2009 20:17:46 (GMT)
Prevalence: Small Number of Reports

Download Download a free security scan - Find threats your antivirus missed

Characteristics

  • Installs itself in the registry
  • Opens links to websites

Affected Operating Systems

Windows

Recovery Instructions:

Please follow the instructions for removing worms.

The following registry entries should be restored to their original or desired values:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools

HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry
Start

HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
Start

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DoNotAllowXPSP2

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
EnableFirewall

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SFCScan

HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SFCDisable

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
restrictanonymous

download Try Sophos products for free
Download now

Security Threat Report 2012

Our 2011 recap and emerging trends for 2012
Go to report

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy