Sdbot.add
Sdbot.add (also known as W32/Sdbot-ADD) is a computer worm that may cause havoc with unprotected local networks. Once Sdbot.add is active on a system, it drops a rootkit that allows hackers to gain access to a computer without detection. Sdbot.add then allows a hacker to take control of the infected system remotely, through an IRC network.
File System Details
Sdbot.add may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | cmagesta.exe | |
| 2. | explorer.exe | |
| 3. | mstasks.exe | |
| 4. | syscfg32.exe | |
| 5. | cthelp.exe | |
| 6. | quicktimeprom.exe | |
| 7. | spooler.exe | |
| 8. | vcvw.exe | |
| 9. | msdirectx.sys | |
| 10. | aim95.exe | |
| 11. | cnfgldr.exe | |
| 12. | iexpl0re.exe | |
| 13. | mssql.exe | |
| 14. | yahoomsgr.exe | |
| 15. | ipcl32.exe | |
| 16. | sock32.exe | |
| 17. | syswin32.exe | |
| 18. | xmconfig.exe | |
| 19. | lockx.exe | |
| 20. | cmd32.exe | |
| 21. | fb_pnu.exe | |
| 22. | mssrvs32.exe | |
| 23. | sysmon16.exe | |
| 24. | iexplore.exe | |
| 25. | service.exe | |
| 26. | svhost.exe | |
| 27. | winupdate32.exe |
Registry Details
Sdbot.add may create the following registry entry or registry entries:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunstratas=lockx.exe
