Threat Information for "BackDoor.IRC.Sdbot.775"

StopSign will automatically remove this infection with a paid membership.

• Name: BackDoor.IRC.Sdbot.775
• Aliases:
• Date Discovered: 2006-09-18
• Protection Added: 2006-09-20

-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistent file contents
3: Consistently named

-- Privacy Risks/Security Changes

1: Mimics legitimate file names

-- Damage/Intrusion/Annoyance

1: Downloads other threats
2: Creates new files
3: Displays deceptive error messages

-- Propagation/Saturation

1: Spreads through Peer-2-Peer software
2: Infects through Internet Relay Chat (IRC)

• Added Registry Key:
  Key: HKLM\SOFTWARE\Microsoft\RFC1156Agent
• Added Registry Key:
  Key: HKCR\CLSID\{0BB333C3-A958-C633-9D8C-71889A5FF703}
• Added Registry Key:
  Key: HKLM\SOFTWARE\ProductName
• Added Registry Key:
  Key: HKLM\SOFTWARE\CLASSES\CLSID\{0BB333C3-A958-C633-9D8C-71889A5FF703}
• Added Registry Value:
  Key: HKLM\SOFTWARE\Licenses Value: {IEFA91D4B2BF0CD83}
• Added Registry Value:
  Key: HKCU\Software\Microsoft\Windows Value: WinServ
• Added Registry Value:
  Key: HKU\S-*\Software\Microsoft\Windows Value: WinServ
• Added Registry Value:
  Key: HKLM\SOFTWARE\Licenses Value: {0EFA91D4B2BF0CD83}
• Added Registry Value:
  Key: HKLM\SOFTWARE\Licenses Value: {K7C0DB872A3F777C0}
• Added Registry Value:
  Key: HKLM\SOFTWARE\Licenses Value: {R7C0DB872A3F777C0}
• Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: winservnt32.exe
• Added Registry Data:
  Key: HKU\S-*\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: winservnt32.exe
• Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: winservnt32.exe