W32/Sdbot-WS
Here is a short description of W32/Sdbot-WS:
This virus/malware was added to our database at:
04/04/05
Anti-virus program
This malware was discovered and named by Sophos.
Anti-virus programs and removal tools from Sophos can remove W32/Sdbot-WS.
For more information about antivirus programs you can read here:
Antivirus programs
More information about W32/Sdbot-WS
This section is for technical experts who want to know more.
W32/Sdbot-WS is a member of the W32/Sdbot family of network worms. The worm can spread to weakly protected network shares, and to computers already infected with W32/MyDoom.
In order to run automatically when Windows starts up, the worm copies itself to the folder as winupdate.exe and creates the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = winupdate.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Windows Update = winupdate.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = winupdate.exe
Once installed, W32/Sdbot-WS connects to a preconfigured IRC server and joins a channel from which an attacker can issue further commands. These commands can cause the infected computer to perform any of the following actions:
Scan for remote computers to infect
Steal product keys
Upload, download and execute files
Retrieve information about an infected system
The worm can be instructed to secure an infected computer, and does this by attempting to delete the C$, D$, IPC$ and ADMIN$ network shares, and disable DCOM by setting the following registry entry:
HKLM\Software\Microsoft\OLE
EnableDCOM = N
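As an added example (not from Sophos or from this database), the following Python script checks a text export of the registry in regedit .reg format, already decoded to a string, for the three autostart values and the DCOM setting listed above. The sample export is constructed, and comparing only the file name of the value data is an assumption made so that a full path to winupdate.exe also matches; EnableDCOM set to N can also be a deliberate administrator setting, so treat that hit as supporting evidence only.

```python
import re

# Indicators from the description above: (key, value name, expected data).
INDICATORS = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Windows Update", "winupdate.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices", "Windows Update", "winupdate.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Windows Update", "winupdate.exe"),
    (r"HKLM\Software\Microsoft\OLE", "EnableDCOM", "N"),
]
HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user"}
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # string values only

# Constructed sample export, not data from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update"="winupdate.exe"
"SomeVendorTray"="C:\\Program Files\\Vendor\\tray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update"="C:\\Example\\WinUpdate.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Ole]
"EnableDCOM"="Y"
'''

def normalize_key(key):
    # Lower-case the path, drop a trailing backslash, expand HKLM/HKCU.
    hive, _, rest = key.strip().rstrip("\\").lower().partition("\\")
    return HIVES.get(hive, hive) + "\\" + rest

def parse_reg(text):
    """Return {(key, value name): data} for the string values in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            key = normalize_key(m.group(1))
        elif key and (m := VALUE.match(line)):
            # .reg files escape backslashes and quotes with a backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            values[(key, name.lower())] = data
    return values

def find_hits(text):
    """List (key, value name, data found) for each indicator present in the export."""
    values, hits = parse_reg(text), []
    for key, name, expected in INDICATORS:
        found = values.get((normalize_key(key), name.lower()))
        # Assumption: compare only the file name, so a full path also matches.
        if found is not None and found.rsplit("\\", 1)[-1].lower() == expected.lower():
            hits.append((key, name, found))
    return hits
```

Exports written by regedit are normally UTF-16, so decode the file before passing its text to `find_hits`.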
This was added 02/23/08 19:27:16
More information from Sophos