Ask the Expert

Removing backdoor.sdbot from computers

We use Trend Micro and found some of our PCs -- 15 of 140 -- infected with BKDR_SDBOT.M. The fact we found them seems due to the pattern (623), which includes this backdoor.

I had some problems looking for the origin of the infection, because I wasn't able to locate an .exe. Trend Micro's information seems to be erroneous by showing QUEUDO as the name, but Symantec seems more realistic with svsghost and wsock32 names.

So, then I checked on an infrequently used PC (with older antivirus pattern) by disconnecting it from the network to avoid pattern update. I checked the places where the backdoor is supposed to be, but found nothing. Some minutes later (reconnecting the PC to the network) I received a message showing a backdoor infection. I don't understand what happened. Can you please explain this to me?

Backdoor.sdbot is a backdoor Trojan horse that allows the Trojan's creator to control a computer by using Internet Relay Chat (IRC). Backdoor.sdbot can update itself by checking for newer versions over the Internet.

I recommend visiting Symantec's site for instructions on how to remove this virus.

You will find these removal instructions:

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Do one of the following:
  a. Windows 95/98/Me/2000/XP: Restart the computer in Safe mode.
  b. Windows NT: End the Trojan process.
4. Run a full system scan and delete all the files detected as Backdoor.Sdbot.
5. Edit the changes that the Trojan made to the registry.

Also, as I always do, I recommend checking, for fixed and removal. These removal services are free, so take advantage of them.

For more info on this topic, check out these resources:
  • Best Web Links: Patches/patch management
  • Virus Prevention Tip: Virus protection -- prevention, detection, response
  • On-demand webcast: Potential virus authors and consequences

  • This was first published in September 2003
