high
Summary
Summary
Action- More Information
| Protection available since | 14 June 2004 13:43:34 (GMT) |
|---|---|
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
Please read the instructions for removing W32/Sdbot-DP.
More Information
W32/Sdbot-DP is a worm and backdoor for the Windows platform.
W32/Sdbot-DP allows a malicious user remote access to an infected computer
via IRC.
In order to run automatically when Windows starts up W32/Sdbot-DP creates
the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 USB2 Driver
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32 USB2 Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 USB2 Driver
The worm also regsiters smsc.exe as a service named Win32 USB2 Driver.
W32/Sdbot-DP spreads to other computers by exploiting the LSASS
vulnerability and a backdoor opened by the Troj/Optix family of Trojans.
|
