W32/Sdbot-X

Please follow the instructions for removing worms.

Check your administrator passwords and review network security.

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dcom System Patch

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Dcom System Patch.

and delete them if they exist.

Close the registry editor.

W32/Sdbot-X is a worm with an IRC backdoor. In order to run automatically when Windows starts up the worm copies itself to the file microsoft.exe in the Windows system folder and adds the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dcom System Patch

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Dcom System Patch.

The worm attempts top copy itself to the Windows system folder on weakly protected network shares.

W32/Sdbot-X has a backdoor component that allows a malicious user to remotely control an infected system.