Threat Information for "BackDoor.Sdbot.777"

StopSign will automatically remove this infection with a paid membership.

• Name: BackDoor.Sdbot.777
• Aliases:Worm/Rbot.651264, Win32:Rbot-BTN, Backdoor.Rbot.BAR, Win32.Rbot.bar, W32/RBot.BAR!tr.bdr, W32/SdbotX.HBQ
• Date Discovered: 2006-09-13
• Protection Added: 2006-09-20

-- Ease of Removal

1: Uses running processes
2: Consistent file contents
3: Consistently named
4: Creates new registry entries with consistent data

-- Privacy Risks/Security Changes

1: Disables security software
2: Disables Windows Firewall

-- Damage/Intrusion/Annoyance

1: Downloads other threats
2: Displays deceptive error messages

-- Propagation/Saturation

1: Spreads through Peer-2-Peer software

• Added Registry Key:
  Key: HKLM\SOFTWARE\CLASSES\CLSID\{0BB333C3-A958-C633-9D8C-71889A5FF703}
• Added Registry Key:
  Key: HKLM\SOFTWARE\Microsoft\RFC1156Agent
• Added Registry Key:
  Key: HKCR\CLSID\{0BB333C3-A958-C633-9D8C-71889A5FF703}
• Added Registry Value:
  Key: HKU\S-*\Software\Microsoft\Windows Value: blahbo
• Added Registry Value:
  Key: HKLM\SOFTWARE\Licenses Value: {0EFA91D4B2BF0CD83}
• Added Registry Value:
  Key: HKLM\SOFTWARE\Licenses Value: {K7C0DB872A3F777C0}
• Added Registry Value:
  Key: HKLM\SOFTWARE\Licenses Value: {R7C0DB872A3F777C0}
• Added Registry Value:
  Key: HKLM\SOFTWARE\Licenses Value: {IEFA91D4B2BF0CD83}
• Added Registry Value:
  Key: HKCU\Software\Microsoft\Windows Value: blahbo
• Added Registry Data:
  Key: HKU\S-*\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: mguard.exe
• Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: MGUARD.EXE
• Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: MGUARD.EXE