« Virus.Elkern.a
Virus.Elkern.c »

Backdoor.SDBot

No Comments
Domesticus By Domesticus in Backdoors | 48 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

Backdoor.SDBot Description

Backdoor.SDBot is a Trojan virus. Once installed on the computer, Backdoor.SDBot will allow remote attackers to control the compromised machine through the IRC network. Backdoor.SDBot also includes a self-updating feature and opens a large security vulnerability on the system. Backdoor.SDBot is a serious threat to personal and financial information.

Type: Backdoors

How Can You Detect Backdoor.SDBot?

 
 

Download SpyHunter’s Detection Scanner
to Detect Backdoor.SDBot.

 
 

Backdoor.SDBot Technical Report

As new Backdoor.SDBot details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Backdoor.SDBot files with its MD5s were created in the system:

File Name File Size MD5
wupdmgr.dll 4096 5fc0642bdacc702470e444de2d744f37
~2.exe 12832 55b5ff64f9be0550dce1c706e4062c8d
Explorer .exe 12832 55b5ff64f9be0550dce1c706e4062c8d
~4.exe 12832 6baed5ccc533405f791e413de7b569ad
malware.exe 47612 da17448779269941d9fb4ec23ae0d666
scost.exe 47612 da17448779269941d9fb4ec23ae0d666
atlah.exe 9216 07b4650663e4812b1576081697f4d7ce
libsysmgr.exe 97795 e343dc2d74a99cf5a584075d81173111
winhost.exe 30720 f387da8cffb35e68974ef7b85411726f
Explorer .exe 12832 55b5ff64f9be0550dce1c706e4062c8d
Explorer .exe 12832 55b5ff64f9be0550dce1c706e4062c8d
Explorer .exe 12832 55b5ff64f9be0550dce1c706e4062c8d
video.exe 311296 4681158d61ad281a48a6d6555b9bae80
mslsrv32.exe 51200 3abd65c102fc2e00a52824ccec438673
330.exe 24064 00765050b56fc8687e22262746d699c1
winsystem.exe 33792 c3dca9f74cec5a2ee31ae1a8d084906b
mslsrv.exe 78848 94b6d3cf260f2521be750377075b4d4f
msdriver32.exe 57344 356139aa2bf83931531567661310aebe
rdfhost.exe 1171456 6bce0ad05a648d0c271f93f2e7cb4abd
smss.exe 40960 6e2c471b84ba878bcd6383d9ef57f3a7
lsass.exe 38749 5b224a4d2f2597e5d945e23611117f24
csrss.exe 335872 6b13a249cf1020bb495902fa886e6c06

Backdoor.SDBot has typically the following processes in memory:

  • Explorer .exe
  • mslsrv.exe
  • wupdmgr.dll
  • winsystem.exe
  • scost.exe
  • lpdriver.sys

Backdoor.SDBot creates the following registry entries:

  • SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\wincfg
  • Software\Microsoft\Windows\CurrentVersion\RunOnce\wincfg
  • SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update
  • SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Explorer

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 08/24/07 and is filed under Backdoors. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.