W32/Spybot-DX is a worm and IRC backdoor Trojan for the Windows platform.
W32/Spybot-DX spreads to other network computers infected with: Troj/Kuang and Troj/NetDevil.
W32/Spybot-DX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Sophos's anti-virus products include Genotype™ detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Spybot-DX (detected as Troj/Spybot-Fam) since version 3.96.
W32/Spybot-DX is a worm and IRC backdoor Trojan for the Windows platform.
W32/Spybot-DX spreads to other network computers infected with: Troj/Kuang and Troj/NetDevil.
W32/Spybot-DX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W32/Spybot-DX copies itself to <System>\rundll.exe.
The following registry entries are created to run rundll.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Windows Config
RUNDLL.EXE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Config
RUNDLL.EXE
Sophos's anti-virus products include Genotype™ detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Spybot-DX (detected as Troj/Spybot-Fam) since version 3.96.