W32/Sdbot-QR is an IRC backdoor Trojan and network worm.
When first fun, W32/Sdbot-QR copies itself to the Windows system folder as msgsr32.exe and creates the following registry entries so that the file is run automatically on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
load = "msgsr32.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
load = "msgsr32.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
load = "msgsr32.exe"
Each time W32/Sdbot-QR is run it attempts to connect to a remote IRC server and join a specific channel. The worm then runs continuously in the background listening on the channel for instructions.
W32/Sdbot-QR spreads to network shares protected by weak passwords when it receives the appropriate command.