|W32/Sdbot-LT is a worm which spreads via network shares.
It searches for shared folders with weak passwords and copies itself to the Windows System folder of a vulnerable computer as ntsyst32.exe.
Also may drop a backup copy of itself into payload.dat
The worm includes backdoor functions which can be controlled by a remote attacker over IRC.
The infected computer can be used to perform any of the following functions:
- Proxy server (SOCKS4)
- FTP server
- SMTP server
- File system Manipulation
- Port scanner
- DDoS floods (TCP,UDP,SYN)
- Remote shell (RLOGIN)
Automatic Removal: Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.