W32/Sdbot-KE is a network worm and backdoor for the Windows platform. The backdoor component allows a malicious user remote access to an infected computer via IRC. The worm spreads by exploiting network shares with weak passwords. W32/Sdbot-KE copies itself to wintftp.exe in the system folder on remote computers and runs the copy.
Manual removal: Locate the HKEY_LOCAL_MACHINE entries: HKLM\Software\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices and delete the value: Win FTP = wintftp.exe