Know your Malware: Sdbot.add Removal

Sdbot.add is a dangerous, widespread worm that propagates mostly through unprotected network shares found on a local network. Once executed, the parasite drops a rootkit that allows a remote intruder to break into the infected system. Sdbot.add also runs a backdoor controlled through the IRC network. This backdoor gives the attacker unauthorized remote access to the compromised computer and allows the attacker to control it. Sdbot.add runs secretly on every Windows startup.

Related files: lockx.exe, xz.bat, msdirectx.sys

Sdbot.add properties:
Allows remote user connection
Connects itself to the internet
Hides from the user
Stays resident in background

Linked by shanmuga Wednesday, 19th October 2005 7:43AM