high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 24 December 2004 12:24:34 (GMT) |
| Last updated | 10 March 2005 15:58:07 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Sdbot-SN is a network worm and IRC backdoor Trojan for the Windows platform which allows a remote intruder to access and control the computer via IRC channels.
The backdoor component joins a specific channel on an IRC server and then runs continuously in the background as a service process, listening on the IRC channel for specific commands and carrying out the appropriate actions.
The worm copies itself to a file named zxXZwd.exe in the Windows system folder and creates the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
VasddwDg
"zxXZwd.exe"
Sophos's anti-virus products include proactive protection technology, which can defend against new threats without requiring an update. Sophos customers have been protected against W32/Sdbot-SN (detected as W32/Sdbot-Fam) since version 3.89.
|
