high
Summary
Summary
Action- More Information
| Included in our products from | February 2004 (3.78) |
|---|---|
| Protection available since | 8 January 2004 12:36:19 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
Change any passwords that may have become compromised.
You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
scvhost loader = ixplore.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
scvhost loader = ixplore.exe
and delete them if they exist.
Close the registry editor.
More Information
Troj/Sdbot-CY is an IRC backdoor Trojan.
Troj/Sdbot-CY copies itself into the Windows system folder as ixplore.exe and sets the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
scvhost loader = ixplore.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
scvhost loader = ixplore.exe
Troj/Sdbot-CY logs onto a predefined IRC server and waits for backdoor commands. Depending on the commands issued by the attacker the Trojan may be able to update itself, log keystrokes, launch denial-of-service attacks, be used as a port redirector and steal licence keys of several popular online games.
|
