Sdbot-XK
Sdbot-XK, also referred to as Win32/Sdbot-XK, is a network worm that opens a backdoor on an infected computer, through which unapproved downloads and installations may occur. Sdbot-XK usually spreads by exploiting vulnerabilities in LSASS, RPC DCOM, the Workstation service and Microsoft SQL 2000, and by targeting Microsoft SQL servers with weak passwords. Once active, Sdbot-XK may move itself to the Windows system folder under the name b.exe. It then alters specific registry values so that it runs as soon as Windows starts up, and it disables Windows Internet Connection Firewall, Automatic Updates and Security Center.
File System Details
Sdbot-XK may create the following file(s):
# | File Name |
---|---|
1. | b.exe, MSDIRECTX.SYS |
Registry Details
Sdbot-XK may create the following registry entry or registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run b.exe b.exe
HKCU\SYSTEM\CurrentControlSet\Control\Lsa b.exe b.exe
HKLM\SYSTEM\CurrentControlSet\Control\Lsa restrictanonymous 1
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices b.exe b.exe
HKLM\SYSTEM\CurrentControlSet\Services\msdirectx
HKLM\SOFTWARE\Microsoft\Ole EnableDCOM N
HKCU\Software\Microsoft\Windows\CurrentVersion\Run b.exe b.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices b.exe b.exe
HKCU\Software\Microsoft\OLE b.exe b.exe
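
A read-only PowerShell check for the file and registry entries listed above, added here as an example (it is not SpyHunter's code or part of the original entry). It assumes each registry line reads as key, value name, value data, and that the Windows system folder is `%SystemRoot%\System32`; `ImagePath` is the standard service value and is not something this page lists.

```powershell
# Added example: reports which of the listed indicators exist on this host.
# It only reads the registry and file system; it changes nothing.
$bexeKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\SYSTEM\CurrentControlSet\Control\Lsa',
    'HKCU:\Software\Microsoft\OLE'
)
# These two values can also be set deliberately by an administrator,
# so a match on them alone is reported as weak evidence.
$settings = @(
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'restrictanonymous'; Data = '1' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Ole'; Name = 'EnableDCOM'; Data = 'N' }
)

function Get-RegValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($k) { $k.GetValue($Name) }
}
function New-Finding {
    param($Evidence, $Location, $Name, $Data)
    [pscustomobject]@{ Evidence = $Evidence; Location = $Location; Name = $Name; Data = $Data }
}

$findings = @()
foreach ($key in $bexeKeys) {
    $data = Get-RegValue -Key $key -Name 'b.exe'
    if ($null -ne $data) { $findings += New-Finding 'Strong' $key 'b.exe' $data }
}
foreach ($s in $settings) {
    $data = Get-RegValue -Key $s.Key -Name $s.Name
    if ("$data" -eq $s.Data) { $findings += New-Finding 'Weak' $s.Key $s.Name $data }
}
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\msdirectx'
if (Test-Path -LiteralPath $svc) {
    # ImagePath shows which file the service entry points at.
    $findings += New-Finding 'Strong' $svc 'ImagePath' (Get-RegValue -Key $svc -Name 'ImagePath')
}
$file = Join-Path $env:SystemRoot 'System32\b.exe'   # assumed system folder
if (Test-Path -LiteralPath $file) {
    $findings += New-Finding 'Strong' $file 'b.exe' (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed Sdbot-XK indicators were found.' }
```

The `HKCU` checks cover only the account that runs the script, so repeat them per user profile on shared machines.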