Q

Removing backdoor.sdbot from computers

We use Trend Micro and found some of our PCs -- 15 of 140 -- infected with BKDR_SDBOT.M. The fact we found them seems due to the pattern (623), which includes this backdoor.

I had some problems looking for the origin of the infection, because I wasn't able to locate an .exe. Trend Micro's information seems to be erroneous by showing QUEUDO as the name, but Symantec seems more realistic with svsghost and wsock32 names.

So, then I checked on an infrequently used PC (with an older antivirus pattern) by disconnecting it from the network to avoid a pattern update. I checked the places where the backdoor is supposed to be, but found nothing. Some minutes later (reconnecting the PC to the network) I received a message showing a backdoor infection. I don't understand what happened. Can you please explain this to me?


Backdoor.sdbot is a backdoor Trojan horse that allows the Trojan's creator to control a computer by using Internet Relay Chat (IRC). Backdoor.sdbot can update itself by checking for newer versions over the Internet.

I recommend visiting Symantec's site for instructions on how to remove this virus.

You will find these removal instructions:

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Do one of the following:
  a. Windows 95/98/Me/2000/XP: Restart the computer in Safe mode.
  b. Windows NT: End the Trojan process.
4. Run a full system scan and delete all the files detected as Backdoor.Sdbot.
5. Edit the changes that the Trojan made to the registry.

Also, as I always do, I recommend checking www.symantec.com and www.mcafee.com for fixes and removal. These removal services are free, so take advantage of them.


  • This was first published in September 2003
