Sophos

W32/Sdbot-DP


Summary

 
Included in our products from August 2004 (3.84)
Protection available since 14 June 2004 13:43:34 (GMT)
Detected by All Sophos products

More Information

W32/Sdbot-DP is a worm and backdoor for the Windows platform.

W32/Sdbot-DP allows a malicious user remote access to an infected computer
via IRC.

To run automatically when Windows starts up, W32/Sdbot-DP creates
the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 USB2 Driver
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32 USB2 Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 USB2 Driver

The worm also registers smsc.exe as a service named Win32 USB2 Driver.
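
A read-only PowerShell check for the autostart values and the service described above. This is an added example, not Sophos code. The variable names are its own, and as an assumption beyond the page it checks every user hive loaded under HKEY_USERS rather than only HKCU.

```powershell
# Added example: read-only check for the autostart entries and service
# named in this description. Nothing is modified or deleted.
$valueName = 'Win32 USB2 Driver'   # value/service name given on this page
$imageName = 'smsc.exe'            # file name given on this page
$subKeys   = 'Run', 'RunOnce', 'RunServices'
$base      = 'Software\Microsoft\Windows\CurrentVersion'

# HKLM plus every user hive currently loaded under HKEY_USERS (assumption:
# wider than the HKCU entries listed, to cover other logged-on accounts).
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += @(Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" })

$findings = @()
foreach ($root in $roots) {
    foreach ($sub in $subKeys) {
        $key = "$root\$base\$sub"
        # A missing key or value is the normal case, not an error.
        $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $findings += [pscustomobject]@{
                Kind     = 'Autostart value'
                Location = $key
                Data     = $item.$valueName
            }
        }
    }
}

# Service registered under the same name, or whose binary path mentions
# the file name. A path match alone is a lead to review, not a verdict.
$findings += @(Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.Name -eq $valueName -or $_.DisplayName -eq $valueName -or
        $_.PathName -like "*$imageName*"
    } |
    ForEach-Object {
        [pscustomobject]@{
            Kind     = 'Service'
            Location = $_.Name
            Data     = $_.PathName
        }
    })

if ($findings.Count -gt 0) { $findings | Format-List; exit 1 }
Write-Output 'No matching autostart value or service found.'
```

Run it from an elevated prompt so that other users' hives and all services are readable; a non-zero exit code means at least one match was listed.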

W32/Sdbot-DP spreads to other computers by exploiting the LSASS
vulnerability and a backdoor opened by the Troj/Optix family of Trojans.
