Sophos

W32/Spybot-DG

Aliases
  • Backdoor.Spyboter.gen

Summary

 
How it spreads
  • Network shares
Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Included in our products from: December 2004 (3.88)
Protection available since: 20 October 2004 13:06:07 (GMT)
Detected by: All Sophos products

More Information

W32/Spybot-DG is a network worm with backdoor Trojan functionality.

W32/Spybot-DG copies itself to MSFENOE.exe in the Windows system folder and creates entries in the registry at the following locations to run itself on Windows login:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Decryption Technology = MSFENOE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Microsoft Decryption Technology = MSFENOE.EXE
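
The two autorun entries above can be checked for in saved `reg query` output. The following is an added example, not Sophos code: the function name `find_indicators` is hypothetical, the sample text is constructed, and the parser assumes the four-space column layout that `reg query` prints.

```python
import re

# Indicators from the description above (compared case-insensitively).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
}
VALUE_NAME = "microsoft decryption technology"
FILE_NAME = "msfenoe.exe"

# "    <value name>    <REG_TYPE>    <data>" as printed by `reg query` (assumed layout).
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def find_indicators(reg_query_output):
    """Return (key, value name, data) for autorun entries matching the description."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().rstrip("\\")
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        name, _reg_type, data = m.groups()
        # Match on either the value name or the file name: the data may be a
        # bare name, a full path, or a quoted path with arguments.
        if name.strip().lower() == VALUE_NAME or FILE_NAME in data.lower():
            hits.append((key, name.strip(), data.strip()))
    return hits

# Constructed sample: concatenated `reg query` output for three keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Microsoft Decryption Technology    REG_SZ    MSFENOE.EXE

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Microsoft Decryption Technology    REG_SZ    C:\WINDOWS\system32\msfenoe.exe
"""

if __name__ == "__main__":
    for key, name, data in find_indicators(SAMPLE):
        print(f"MATCH {key} :: {name} = {data}")
```

Only the registry entries are covered here; the MSFENOE.exe and keylog.txt files in the Windows system folder need a separate file check.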

W32/Spybot-DG attempts to copy itself to attached network drives.

W32/Spybot-DG remains resident, running in the background as a service process and listening for commands from remote users via IRC channels.

W32/Spybot-DG attempts to terminate various monitoring programs. It also logs keystrokes to the file keylog.txt in the Windows system folder and attempts to steal passwords.
