W32.Spybot!dr


Aliases: W32/Sdbot.worm.gen.y, Trojan.MulDrop.2060, Worm/RBot.169984, Dropper.VB.3.AF, Trojan-Dropper.Win32.VB.em
Variants: Trojan.Dropper.Vb.EM, W32/Sdbot.CAO.worm, Win32/TrojanDropper.VB.NAC,

Classification: Malware
Category: Trojan Horse

Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 23 Jul 2003
Damage: Low

Characteristics: The W32.Spybot!dr application is a software for threats that crashes W32.Spybot.Worm. It sets up a backdoor Trojan which is identified as Backdoor.IRC.Cloner as well.

More details about W32.Spybot!dr

In computing terminology, a Trojan horse or simply Trojan, refers to an application which attempts to mimic another type of program. According to some anti-virus manufacturers, this is where the potential danger of the W32.Spybot!dr Trojan horse lies. The W32.Spybot!dr Trojan horse is an installer for infections that attack W32.Spybot.Worm. It sets up a Backdoor Trojan horse which is identified as “Backdoor.IRC.Cloner” as well. When the W32.Spybot!dr Trojan horse is opened, it makes the directory, “%System%clientsfaxclientdrivers” and drops these “mcop.dll”, “mmsql32.bat”, “mnn32.exe”, “msmngr32.exe”, “msnq32.exe”, “mtnm32.dll”, “ntnwsys.ocx”, “pmnc32.exe”, “scm32.bat”, and “sdgoije.exe” files.

The W32.Spybot!dr Trojan horse adds the value "msmanager32"="%System%clientsfaxclientdrivers" and "Winsock2 driver" ="SDJOIJE.EXE" to the registry key, so that the worm opens when you begin Windows. Then the Trojan horse adds the value "Winsock2 driver" ="SDJOIJE.EXE" to the registry key, so that the Trojan horse opens when you begin windows. The W32.Spybot!dr Trojan horse is very dangerous threat that can destroy the stability of your computer and can lessen the performance of the operating system. It exploits the system security, and may gather personal information without the users consent. The W32.Spybot!dr Trojan horse also attempts to divert the attention of the user and prevent him from noting its other routines by dropping other files.