IRC-Sdbot, Backdoor.IRC.SdBot, BKDR_SDBOT.B, Troj/Sdbot-B, Win32.SdBot.14176
Category: Trojan Horse
Active & Spreading
Europe, North and South America, and some parts of Asia and Australia
30 Apr 2002
W32.DpBot.Trojan or SDBot as known by many, is typically a “bot” specifically known as IRC (Internet Relay Chat. It is also a program or software that usually spreads and comes from several chat sites. Dpbot is another malicious software that has backdoor capabilities. It steals private or confidential files or data from the compromised computer. It can also be destructive, since it has the ability to also download malware on a compromised computer so that it can further damage your computer’s system.
W32.DpBot.Trojan Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a trojan horse removal tool to automatically clean W32.DpBot.Trojan from your computer.
More details about W32.DpBot.Trojan
SDBot also changes registry values to reduce system security; thus, producing several effects such as allowing remote user connection, logging key strokes, connecting itself automatically to the Internet, and concealing itself from the user while staying resident in the background. Surveys also have known that all Windows Operating System can be affected by this vius. It controls the compromised computer by using Internet Relay Chat which is done remotely or locally. Most of the IRC servers known for this Trojan to spread are bmu.h4x0rs.org, bmu.q8hell.org and bmu.FL0W1NG.NET. The Trojan can update itself by checking for newer versions on the Internet in order for it to gain full control of the compromised computer. Once it is executed, like many other viruses, it continuously copies itself to the compromised computer’s system files.
Some known filenames of W32.DpBot.Trojan are Aim95.exe, CMagesta.exe, Cmd32.exe, Cnfgldr.exe, Explorer.exe, FB_PNU.EXE, IEXPL0RE.EXE, MSTasks.exe, MSsrvs32.exe, Mssql.exe, Regrun.exe, Svchosts.exe, Sys32.exe, Sys3f2.exe, Syscfg32.exe, Sysmon16.exe, YahooMsgr.exe, cthelp.exe, iexplore.exe, ipcl32.exe, quicktimeprom.exe, service.exe, sock32.exe, spooler.exe, svhost.exe, syswin32.exe, vcvw.exe, winupdate32.exe and xmconfig.exe. The W32.DpBot.Trojan program normally installs itself inside the system without noticing and calibrated with hidden functionalities that can include other malicious malwares and install other possible threats. This is normally dropped by adware from unsolicited sites. According to reports, this Trojan uses random TCP port and operates as an alternative server as its nasty habit. Its normal function is to collect a request from the victim and distribute the data to the original target. When this Trojan collects an incoming data request, the request is automatically sent to the target server or other third party server.