Problem solve Get help with specific problems with your technologies, process and projects.

Removing backdoor.sdbot from computers

We use Trend Micro and found some of our PCs -- 15 of 140 -- infected with BKDR_SDBOT.M. The fact we found them...

seems due to the pattern (623), which includes this backdoor.

I had some problems looking for the origin of the infection, because I wasn't able to locate an .exe. Trend Micro's information seems to be erroneous by showing QUEUDO as the name, but Symantec seems more realistic with svsghost and wsock32 names.

So, then I checked on an infrequently used PC (with older antivirus pattern) by disconecting it from the network to avoid pattern update. I checked the places where the backdoor is supposed to be, but found nothing. Some minutes later (reconnecting the PC to the network) I received a message showing a backdoor infection. I don't understand what happened. Can you please explain this to me?

Backdoor.sdbot is a backdoor Trojan horse that allows the Trojan's creator to control a computer by using Internet Relay Chat (IRC). Backdoor.sdbot can update itself by checking for newer versions over the Internet.

I recommend visiting Symatec's sitefor instructions on how to remove this virus.

You will find these removal instructions:

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Do one of the following:
  a. Windows 95/98/Me/2000/XP: Restart the computer in Safe mode.
  b. Windows NT: End the Trojan process.
4. Run a full system scan and delete all the files detected as Backdoor.Sdbot.
5. Edit the changes that the Trojan made to the registry.

Also, as I always do, I recommend checking www.symantec.com, www.mcafee.com for fixed and removal. These removal services are free, so take advantage of them.

For more info on this topic, check out these SearchSecurity.com resources:
  • Best Web Links: Patches/patch management
  • Virus Prevention Tip: Virus protection -- prevention, detection, response
  • On-demand webcast: Potential virus authors and consequences

  • This was last published in September 2003

    Dig Deeper on Malware, virus, Trojan and spyware protection and removal

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.