Sdbot.add
Sdbot.add is a worm designed for the Windows platform. Once it is installed, Sdbot.add will continuously run in the background and provide a backdoor server that allows a remote attacker to gain access and full control over the infected computer via IRC channels. In addition, Sdbot.add may attempt to steal passwords, CD keys and product IDs.
File System Modifications
- The following files were created in the system:
# File Name 1 aim95.exe 2 cmagesta.exe 3 cmd32.exe 4 cnfgldr.exe 5 cthelp.exe 6 explorer.exe 7 fb_pnu.exe 8 iexpl0re.exe 9 iexplore.exe 10 ipcl32.exe 11 lockx.exe 12 msdirectx.sys 13 mssql.exe 14 mssrvs32.exe 15 mstasks.exe 16 quicktimeprom.exe 17 service.exe 18 sock32.exe 19 spooler.exe 20 svhost.exe 21 syscfg32.exe 22 sysmon16.exe 23 syswin32.exe 24 vcvw.exe 25 winupdate32.exe 26 xmconfig.exe 27 yahoomsgr.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunstratas=lockx.exe
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.