W32/Sdbot.nf

Type: Worm
Size: 192000 Byte
System Affected: Windows 2000,XP,NT,....
Others Known As:

Backdoor.Win32.Rbot.bmo (Kaspersky) W32/Backdoor (F-Prot)

Characteristics :

1) Creates the following registry keys :


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IRQ Assigning Agent = IRQconf.exe


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\IRQ Assigning Agent = IRQconf.exe


◊ HKEY_CURRENT_USER\Software\Microsoft\OLE\IRQ Assigning Agent = IRQconf.exe


2) Create the following files :

◊ %system%\IRQconf.exe

Copyright © 1994-2008 Imen Computer Virology Laboratory I.C.V.L .
All Rights Reserved .
Mehran Rayaneh Engineering Co.