Troj/Sdbot-XM

Category: Viruses and Spyware
Type: Trojan
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Sdbot-XM is a Windows Trojan that contains backdoor functions that allows unauthorised remote access to the infected computer via IRC channels.

When run Troj/Sdbot-XM copies itself to the Windows system folder as a hidden, system file named amsngr.exe.

The Trojan also creates the following registry entries so that it is able to run on user logon or computer restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Clock_Manager
%SYSTEM%\amsngr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Clock_Manager
%SYSTEM%\amsngr.exe

Troj/Sdbot-XM will attempt to steal CD keys, partake in distributed denial-of-service (DDoS) attacks, download and run files from the internet and log keystrokes when instructed to do so by a remote attacker.