Added as a result of the SDBOT.Q virus.
Backdoor.SDBot.Q is a backdoor Trojan horse that can be controlled through an IRC server.
When Backdoor.SDBot.Q is executed, it attempts to perform the following actions:
Creates a copy of itself as %SYSTEM%\winz32.exe.
Adds the value:
"INTERNET_SERVISES" = "winz32.exe"
to the registry key:
Connects to the IRC server, greenz.dyn.nu, joins a predefined channel, and waits for commands from the hacker.
The commands include, but are not limited to, the following:
- Manage the backdoor.
- Control the IRC client on an infected computer.
- Open and close the CD-ROM drive.
- Add files to the KaZaA, Grokster, and Bearshare shared folders. This backdoor contains a large list of file names, which it attempts to use.
- Download and execute files.
- Start or terminate processes.
Navigate to the key:
In the right pane, delete the value:
Use antivirus (also check the How To Remove section) or Startup Optimizer to remove it from startup.
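To check whether the autostart value described above is present, or confirm it is gone after removal, the following added example (not part of the original description) scans the text of a registry export for the value name "INTERNET_SERVISES" and the file name winz32.exe under any key. The function names and the sample export, including its placeholder key names, are constructed for illustration; only the value name and file name come from this page.

```python
import re

# Indicators from the description above: the autostart value name and the dropped file name.
VALUE_NAME = "internet_servises"
DATA_RE = re.compile(r"(^|\\)winz32\.exe(\s|$)", re.IGNORECASE)

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="data" string values; backslash and double quote are backslash-escaped in .reg files.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)

def find_sdbot_q(reg_text):
    """Return (key, value_name, data, reason) for every string value matching an indicator."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        reasons = []
        if name.lower() == VALUE_NAME:
            reasons.append("name")
        if DATA_RE.search(data):
            reasons.append("data")
        if reasons:
            hits.append((key, name, data, "+".join(reasons)))
    return hits

# Constructed sample export; the key names are placeholders, not the key used by the Trojan.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_EXAMPLE\PlaceholderKeyA]
"INTERNET_SERVISES"="winz32.exe"
"Benign"="C:\\Program Files\\App\\app.exe"

[HKEY_EXAMPLE\PlaceholderKeyB]
"Updater"="C:\\WINDOWS\\system32\\WINZ32.EXE"
"internet_servises"="other.exe"
"""

if __name__ == "__main__":
    for hit in find_sdbot_q(SAMPLE):
        print(hit)
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file accordingly before passing its text to the function.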