SD Bot Tutorial

by: Achillean
If you notice that your bandwidth is being consumed or that your computer is acting weird, you might be infected with the sdbot. The sdbot source can be customized greatly, so it can be hard to remove if you are dealing with a higher order of script kiddie. I will show you how to remove a standard sdbot that hasn't been modified. The sdbot will make a registry entry in:

and in

So to remove it, find these entries. If it's a standard sdbot that hasn't been configured, the registry entry will probably be "Configuration Loader". Remove the entry in run and run services (making a note of the filename for these keys) and reboot. Now go into the system or system32 folder, depending on what version of Windows you run, and delete the exe that was associated with that registry entry. Now you should be clean. Do a netstat to make sure you don't see the bot connected to an IRC server; if you don't, you should be fine now.
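The checks described above, as an added PowerShell example that is not part of the original tutorial. It assumes that "run" and "run services" mean the standard HKLM Run and RunServices keys and that the IRC server uses a common IRC port (6660-6669 or 7000); neither is stated in the tutorial.

```powershell
# Added example: look for the default sdbot autorun value, the exe it points to,
# and established connections to IRC ports. Read-only; nothing is deleted.
$valueName = 'Configuration Loader'   # default entry name given in the tutorial

# Assumption: the standard Windows autorun keys (paths are not given in the tutorial).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)

# List every autorun value and flag the one with the default sdbot name.
$entries = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }   # RunServices is absent on modern Windows
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = [string]$regKey.GetValue($name)
            Suspect = ($name -eq $valueName)
        }
    }
}
$entries | Format-Table -AutoSize -Wrap

# For each flagged entry, note the filename and look for it in system / system32.
foreach ($e in $entries | Where-Object Suspect) {
    $exe = if ($e.Command -match '^"([^"]+)"') { $Matches[1] }
           else { ($e.Command -split '\s+')[0] }
    $leaf = Split-Path $exe -Leaf
    foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\System") {
        $path = Join-Path $dir $leaf
        if (Test-Path $path) {
            Get-Item $path -Force | Select-Object FullName, Length, LastWriteTime
        }
    }
}

# netstat equivalent: established connections to common IRC ports.
# Assumption: the port list is a heuristic; a customized bot may use any port,
# so review the full connection list if nothing shows up here.
$ircPorts = @(6660..6669) + 7000
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemotePort -in $ircPorts } |
    Select-Object LocalPort, RemoteAddress, RemotePort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Path } }
```

A renamed registry value will not be flagged, so read the full table of autorun entries as well as the `Suspect` column.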


This was a quick tutorial I wrote for some friends of mine. I hope you enjoyed it. Remember that DDoS attacks as well as entering someone else

