Installs itself to: C:WINDOWSSYSTEMsyscfg32.exe Creates a registry entry in: HKEY LOCAL MACHINESoftwareMicrosoftWindowsCurrentVersionRun the entry reads: 'Configuration Loader'='syscfg32.exe' Also puts a registry entry into: HKEY LOCAL MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices this entry reads: 'Configuration Loader'='syscfg32.exe' This sdbot then connects to 216.111.123.14:6667 (thugs.MusIRC.com) or thugs.servemp3.com using a random letter nickname. The real name and ident are the same , and are also a random letter sequence. It then joins channel #cold with key 'goneaway'
Backdoor Program [Panda]Backdoor.SdBot.05.p [Kaspersky]Backdoor/SdBot.05.B2 [Computer Associates]IRC-Sdbot [McAfee]security risk or a "backdoor" program [F-Prot]Win32.Sdbot.G [Computer Associates]
syscfg32.exe