F-Secure Malware Information Pages: Backdoor:W32/SdBot.CNJ

Summary
Backdoor:W32/SdBot.CNJ is a piece of malicious software that tries to disable various firewalls and antivirus programs, steal passwords from the infected machine and spread through removable media devices.
Details
Process Changes

Creates these processes:
  %cwd%\.exe
  %programfiles%\Internet Explorer\IEXPLORE.EXE

Creates these mutexes:
  Y_aKS~pXq
  1MKTN4PE

Network Connections

Attempts to connect with HTTP to:
  web1.(censored).org:443/TCP

Registry Modifications

Sets these values:
  HKCU\Software\Microsoft\Windows NT\CurrentVersion
    (default) = h1Ucm{yQvor}^imlol|Pxhc|en isl
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    QnX = c:\(path)\.(filename)exe
  HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{77520Q86-864L-N81R-0R2W-7U2G0P22436U}
    StubPath = "c:\(path)\.(filename)exe"
  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    QnX = c:\(path)\.(filename)exe

Creates these keys:
  HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{77520Q86-864L-N81R-0R2W-7U2G0P22436U}
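The registry changes above are the part of this description a defender can act on: the same executable is registered in three autostart locations (the HKCU Run key, the Policies\Explorer\Run key and an Active Setup Installed Components StubPath). The following is an added example, not F-Secure's code, that scans a .reg export for values under those locations and reports any image not on an allowlist, then shows which image is registered in more than one place. The export, the GUID, the user-profile paths and the benign OneDrive entry are all constructed for the example; they are not indicators from this description.

```python
"""Flag autostart registry entries in a .reg-style export.

Added defender-side example; not F-Secure's code. The sample export below
is constructed to mirror the persistence locations listed in the description
(Run, Policies Explorer Run, Active Setup StubPath); paths and the GUID are
placeholders, not observed indicators.
"""
import re

# Autostart locations named in the description, matched case-insensitively
# against the tail of the key path. Active Setup is matched on any
# Installed Components\{GUID} subkey so each StubPath gets inspected.
AUTOSTART_KEYS = (
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$",
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$",
    r"\\Software\\Microsoft\\Active Setup\\Installed Components\\\{[^}]+\}$",
)
_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
_VALUE_RE = re.compile(r'^(?P<name>@|"[^"]*")=(?P<value>.*)$')

# Constructed sample: one legitimate Run entry plus three entries shaped like
# the ones in the description. The GUID is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"QnX"="c:\\Users\\user\\AppData\\Roaming\\sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"QnX"="c:\\Users\\user\\AppData\\Roaming\\sample.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}]
"StubPath"="\"c:\\Users\\user\\AppData\\Roaming\\sample.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion]
@="h1Ucm{yQvor}^imlol|Pxhc|en isl"
'''


def parse_reg_export(text):
    """Yield (key, value_name, raw_value) triples from a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = _VALUE_RE.match(line)
        if m and key:
            name = m.group("name")
            name = "(default)" if name == "@" else name.strip('"')
            yield key, name, m.group("value")


def is_autostart_key(key):
    """True if the key is one of the autostart locations listed above."""
    return any(re.search(p, key, re.IGNORECASE) for p in AUTOSTART_KEYS)


def reg_string(value):
    """Decode a .reg REG_SZ literal ("...") into its string; other types pass through."""
    if value.startswith('"') and value.endswith('"'):
        inner = value[1:-1]
        return inner.replace('\\"', '"').replace('\\\\', '\\')
    return value


def image_path(command):
    """Best-effort extraction of the executable path from a command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx >= 0 else command.split(" ")[0]


def find_autostart_entries(text, allowlist=()):
    """Return [(key, name, command)] for autostart values whose image is not allowlisted.

    Under Active Setup only the StubPath value is a launch point, so other
    values there are ignored. Allowlist entries are compared case-insensitively.
    """
    allowed = {p.lower() for p in allowlist}
    findings = []
    for key, name, value in parse_reg_export(text):
        if not is_autostart_key(key):
            continue
        if "active setup" in key.lower() and name.lower() != "stubpath":
            continue
        command = reg_string(value)
        if image_path(command).lower() in allowed:
            continue
        findings.append((key, name, command))
    return findings


def duplicate_images(findings):
    """Map image path -> set of autostart keys for images registered in more than one place."""
    seen = {}
    for key, _name, command in findings:
        seen.setdefault(image_path(command).lower(), set()).add(key)
    return {img: keys for img, keys in seen.items() if len(keys) > 1}


if __name__ == "__main__":
    hits = find_autostart_entries(
        SAMPLE_REG,
        allowlist=[r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"],
    )
    for key, name, command in hits:
        print(f"{key}\n  {name} = {command}")
    for img, keys in duplicate_images(hits).items():
        print(f"{img} is registered in {len(keys)} autostart locations")
```

On a real host the export would come from `reg export` of the HKCU and HKLM hives; the allowlist is the place to record images your baseline already accounts for, so the report shrinks to what still needs an analyst's eye. The same image appearing under several autostart keys is the pattern this description documents, and `duplicate_images` surfaces it directly.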
F-Secure Corporation
Last Modified: December 04, 2008