Sophos

W32/Sdbot-QI

Aliases
  • BKDR_SDBOT.PS
  • W32/Sdbot.worm.gen.i
  • Backdoor.SdBot.ps

How it spreads
  • Network shares
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 14 October 2004 13:08:31 (GMT)
Detected by All Sophos products

More Information

W32/Sdbot-QI is a worm that attempts to spread via remote network shares. The worm tries to access various network computers with shared folders using weak passwords.

W32/Sdbot-QI contains backdoor Trojan functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.

When run, W32/Sdbot-QI copies itself to the Windows system folder as win.exe.

The worm also creates the following registry entries so that it is able to run on user logon or computer startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Remote Procedure Calls = win.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Remote Procedure Calls = win.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Remote Procedure Calls = win.exe

W32/Sdbot-QI may also attempt to change the following registry entries:

HKLM\Software\Microsoft\OLE
EnableDCOM = N
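As an added defender-side example (not Sophos's own code), the following Python parses a regedit export and flags the three Run/RunServices values and the EnableDCOM = N change listed above. The sample export is constructed, and the benign value name in it is invented.

```python
"""Added example: scan a regedit export (.reg text) for the W32/Sdbot-QI
persistence values and the EnableDCOM change listed above."""
import re

# Key paths from the analysis, in regedit's long form and lower-cased
# (registry key names are case-insensitive).
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
OLE_KEY = r"hkey_local_machine\software\microsoft\ole"
KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\Path]
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # "Name"="string data"

def parse_reg(text):
    """Return {key_path_lowercase: {value_name: data}} from regedit export text."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group(1).lower()
            entries.setdefault(current, {})
        elif (m := VAL_RE.match(line)) and current is not None:
            # regedit doubles backslashes inside string data; undo that
            entries[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return entries

def find_sdbot_indicators(text):
    """Return (key, value_name, data) tuples matching the Sdbot-QI entries."""
    hits = []
    for key, values in parse_reg(text).items():
        for name, data in values.items():
            persist = (key in RUN_KEYS and name.lower() == "remote procedure calls"
                       and data.lower().endswith("win.exe"))
            dcom_off = key == OLE_KEY and name.lower() == "enabledcom" and data.upper() == "N"
            if persist or dcom_off:
                hits.append((key, name, data))
    return hits

# Constructed sample export (not a real capture): one benign value, three hits.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"Remote Procedure Calls"="win.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote Procedure Calls"="win.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE]
"EnableDCOM"="N"
'''
```

Run `find_sdbot_indicators()` over the text of `reg export HKLM ...` / `reg export HKCU ...` output to check a real machine; a bare win.exe under these keys or DCOM switched off by an unknown process is worth triage either way.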

W32/Sdbot-QI will attempt to delete network shares, take part in DoS attacks, steal computer information, and download and run files from the Internet when instructed to do so by a remote attacker.

The worm may try to steal CD keys from the following games:

Half-Life
Unreal Tournament 2003
Counter-Strike
Battlefield 1942
Battlefield 1942 The Road to Rome
Rainbow Six III RavenShield
Neverwinter Nights
Soldier of Fortune II - Double Helix
Need For Speed Hot Pursuit 2
FIFA 2003
Command and Conquer: Generals
Project IGI 2
