

Backdoor:W32/SdBot.CNJ


Aliases:


Backdoor:W32/SdBot.CNJ
Trojan.Win32.Agent.asdj

Malware
Backdoor
W32

Summary

Backdoor:W32/SdBot.CNJ is a piece of malicious software that tries to disable various firewalls and antivirus programs, steal passwords from the infected machine and spread through removable media devices.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details


Process Changes

Creates these processes:

  • %cwd%\[filename].exe
  • %programfiles%\Internet Explorer\IEXPLORE.EXE/[filename]

Creates these mutexes:

  • Y_aKS~pXq1MKTN4PE

Network Connections

Attempts to connect with HTTP to:

  • Web1.(censored)[removed].org:443/TCP

Registry Modifications

Sets these values:

  • HKCU\Software\Microsoft\Windows NT\CurrentVersion (default) = h1Ucm{yQvor}^imlol|Pxhc|en isl
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run QnX = c:\(path)\[filename].(filename)exe
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{77520Q86-864L-N81R-0R2W-7U2G0P22436U} StubPath = "c:\(path)\.(filename)exe"
  • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run QnX = c:\(path)\.(filename)exe

Creates these keys:

  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{77520Q86-864L-N81R-0R2W-7U2G0P22436U}





