Home Forums Windows 7 Security Tips

Windows 7
Windows Vista
Windows XP

Security Tips
Keyboard Shortcuts


Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Hot Downloads

Privacy Policy
Contact Us




Aliases: Backdoor.Spyboter.gen, W32/Spybot.worm.gen.a, Win32/Spyboter.M
It is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
Copies itself to the Windows system folder as WINUSER32.EXE

Creates entries in the registry at the following locations so as to run itself on system startup:

Attempts to terminate some processes relating to antivirus and security programs including REGEDIT.EXE, PING.EXE and NETSTAT.EXE.
Attempts to set the following registry entry to prevent access to some registry tools:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = 1

Spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element receiving the appropriate command from a remote user, copying itself to NTLORD.EXE on the local computer at the same time.

W32/Sdbot-KF may log user keystrokes to a file called KEYLOG.TXT and network information to a file called SCANZ.TXT.

You can automatical remove it from startup with antivirus (also check How To Remove section)Startup Optimizer.

Still have a problem? Ask for help at our discussion forum.

Search Dangerous Files :

: : Recent posts at Forums : :

Fatal error: Incompatible file format: The encoded file has format major ID 1, whereas the Loader expects 7 in /home/software/public_html/forum/includes/functions_vbseo.php on line 0