W32/Zbot-IP is a Trojan for the Windows platform.
W32/Zbot-IP is part of the Zbot (aka Zeus) malware family of data-stealing Trojans.
When run, W32/Zbot-IP copies itself to <SYSTEM>\sdra64.exe and uses rootkit techniques to hide this file from view.
The following data files may also appear on an infected system:
<SYSTEM>\lowsec\local.ds
<SYSTEM>\lowsec\user.ds
W32/Zbot-IP appends its path to the following registry entry to run on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
<ORIGINAL_VALUE>, <SYSTEM>\sdra64.exe