
Removing backdoor.sdbot from computers

We use Trend Micro and found some of our PCs -- 15 of 140 -- infected with BKDR_SDBOT.M. The fact we found them seems due to the pattern (623), which includes this backdoor.

I had some problems looking for the origin of the infection, because I wasn't able to locate an .exe. Trend Micro's information seems to be erroneous by showing QUEUDO as the name, but Symantec seems more realistic with svsghost and wsock32 names.

So, then I checked on an infrequently used PC (with an older antivirus pattern) by disconnecting it from the network to avoid a pattern update. I checked the places where the backdoor is supposed to be, but found nothing. Some minutes later (after reconnecting the PC to the network) I received a message showing a backdoor infection. I don't understand what happened. Can you please explain this to me?

Backdoor.sdbot is a backdoor Trojan horse that allows the Trojan's creator to control a computer by using Internet Relay Chat (IRC). Backdoor.sdbot can update itself by checking for newer versions over the Internet.

I recommend visiting Symantec's site for instructions on how to remove this virus.

You will find these removal instructions:

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Do one of the following:
   a. Windows 95/98/Me/2000/XP: Restart the computer in Safe mode.
   b. Windows NT: End the Trojan process.
4. Run a full system scan and delete all the files detected as Backdoor.Sdbot.
5. Edit the changes that the Trojan made to the registry.

Also, as I always do, I recommend checking www.symantec.com and www.mcafee.com for fixes and removal. These removal services are free, so take advantage of them.
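
For step 5 of the instructions above, a read-only audit of the common autorun registry keys shows what is set to start at boot or logon before anything is edited. This is an added PowerShell example, not part of the original answer or of Symantec's instructions; the key list and the use of the file names quoted in the question as search terms are assumptions.

```powershell
# Added example: list autorun registry values and flag ones that mention
# the file names quoted in the question. Read-only; nothing is modified.
# Assumption: these names and keys are illustrative search inputs, not a
# signature for Backdoor.Sdbot. A match is a lead to review, not a verdict.
$names = 'svsghost', 'wsock32', 'queudo'
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        # Not every key exists on every Windows version; skip missing ones.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            [pscustomobject]@{
                Key  = $key
                Name = $valueName
                Data = [string]$item.GetValue($valueName)
            }
        }
    }
}

function Test-SuspectEntry {
    param($Entry, [string[]]$Pattern)
    # Match on either the value name or the command line it launches.
    foreach ($p in $Pattern) {
        if ($Entry.Name -like "*$p*" -or $Entry.Data -like "*$p*") { return $true }
    }
    return $false
}

Get-AutorunEntry -Path $keys | ForEach-Object {
    $flag = Test-SuspectEntry -Entry $_ -Pattern $names
    $_ | Add-Member -NotePropertyName Suspect -NotePropertyValue $flag -PassThru
} | Sort-Object Suspect -Descending |
    Format-Table Suspect, Key, Name, Data -AutoSize -Wrap
```

Compare the unflagged rows against a known-clean machine of the same build as well, since an unfamiliar entry present on only the infected PCs is worth reviewing even when its name matches none of the search terms.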

This was last published in September 2003
