W32/Sdbot-CZO

Category: Viruses and Spyware
Protection available since: 15 Feb 2007 00:00:00 (GMT)
Type: Win32 worm
Last Updated: 15 Feb 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports


W32/Sdbot-CZO is a worm with IRC Backdoor functionality for the Windows platform.

W32/Sdbot-CZO may spread by exploiting a number of software vulnerabilities.

The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm and thereby gain access to the infected computer.

When first run, W32/Sdbot-CZO copies itself to \alg2k.exe.

The following registry entries are created to run alg2k.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Office Monitor
\alg2k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Office Monitor
\alg2k.exe

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
N
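
The registry changes listed above can be checked for offline in a registry export taken from a suspect machine. The following is an added example, not part of the original description: it parses the text of a `.reg` export (assumed to be already decoded to a string) and reports the Run-key and EnableDCOM entries named above. The function names and the sample export, including the `C:\ExampleDir` folder, are constructed for illustration.

```python
import re

# Indicators copied from the description above (compared case-insensitively).
RUN_KEYS = {k.lower() for k in (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")}
OLE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole".lower()
RUN_VALUE_NAME = "microsoft office monitor"
DROPPED_FILE = "alg2k.exe"
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg string values escape backslashes and quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the string values in text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := _VALUE_RE.match(line)):
            current[_unescape(m.group(1))] = _unescape(m.group(2))
    return keys

def find_indicators(text):
    """List (key, value_name, data, reason) for entries matching the write-up."""
    hits = []
    for key, values in parse_reg_export(text).items():
        for name, data in values.items():
            if key.lower() in RUN_KEYS:
                basename = data.lower().strip('"').rsplit("\\", 1)[-1]
                if name.lower() == RUN_VALUE_NAME or basename == DROPPED_FILE:
                    hits.append((key, name, data, "autorun entry"))
            elif (key.lower(), name.lower(), data.upper()) == (OLE_KEY, "enabledcom", "N"):
                # Weak on its own: administrators also disable DCOM this way.
                hits.append((key, name, data, "DCOM disabled"))
    return hits

# Constructed sample; C:\ExampleDir is a placeholder, not a path from the page.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Office Monitor"="C:\\ExampleDir\\alg2k.exe"
"ExampleUpdater"="C:\\ExampleDir\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"
"""
```

Calling `find_indicators(SAMPLE_EXPORT)` returns the two matching entries and skips the unrelated autorun value; an EnableDCOM hit without a matching Run entry should be treated as a configuration finding rather than evidence of infection.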