By GoldSparrow in Worms

Sdbot.add (also known as W32/Sdbot-ADD) is a computer worm that may cause havoc with unprotected local networks. Once Sdbot.add is active on a system, it drops a rootkit that allows hackers to gain access to a computer without detection. Sdbot.add then allows a hacker to take control of the infected system remotely, through an IRC network.

File System Details

Sdbot.add may create the following file(s):
# File Name Detections
1. cmagesta.exe
2. explorer.exe
3. mstasks.exe
4. syscfg32.exe
5. cthelp.exe
6. quicktimeprom.exe
7. spooler.exe
8. vcvw.exe
9. msdirectx.sys
10. aim95.exe
11. cnfgldr.exe
12. iexpl0re.exe
13. mssql.exe
14. yahoomsgr.exe
15. ipcl32.exe
16. sock32.exe
17. syswin32.exe
18. xmconfig.exe
19. lockx.exe
20. cmd32.exe
21. fb_pnu.exe
22. mssrvs32.exe
23. sysmon16.exe
24. iexplore.exe
25. service.exe
26. svhost.exe
27. winupdate32.exe

Registry Details

Sdbot.add may create the following registry entry or registry entries:


Most Viewed