Good Evening,
Sorry to be one of the bearers of bad news, but… you most likely got worms.
W32/Sdbot-OC copies itself to the Windows system folder as NTSYSMGR.EXE and as COOL.EXE and creates entries in the registry at the following locations with the value Microsoft System Checkup so as to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
See:
http://www.sophos.com/virusinfo/anal...32sdbotoc.html
The link also lists the cleanup procedures.
http://www.sophos.com/support/disinfection/worms.html
W32/Sdbot-OC is a network worm which contains IRC backdoor Trojan functionality, allowing unauthorised remote access to the infected computer.
· Turns off anti-virus applications
· Allows others to access the computer
· Uses its own emailing engine
· Downloads code from the internet
· Records keystrokes
Aliases
· Worm.Win32.Donk.d
· WORM_SDBOT.SE
edit: a minute late....lol




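Added example (not part of the post above or of the Sophos write-up): a Python check that scans the text of a `reg export` dump for the startup entries the post describes, matching on the value name and the two file names. The function name `find_sdbot_entries` and the sample dump are constructed for illustration.

```python
import re

# Indicators taken from the post above (compared case-insensitively).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
VALUE_NAME = "microsoft system checkup"
FILE_NAMES = {"ntsysmgr.exe", "cool.exe"}

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft System Checkup"="NTSYSMGR.EXE"
"Updater"="\"C:\\Program Files\\Vendor\\update.exe\" /background"
"Helper"="C:\\WINDOWS\\system32\\cool.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft System Checkup"="NTSYSMGR.EXE"

[HKEY_LOCAL_MACHINE\Software\Vendor\Settings]
"Microsoft System Checkup"="unrelated key, must not be flagged"
'''

# "name"="data" string values; .reg files escape \ and " with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    return re.sub(r'\\(.)', r'\1', text)

def find_sdbot_entries(reg_text):
    """Return (key, value name, data, reasons) for suspicious startup entries."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # a new registry key section begins
            continue
        match = VALUE_RE.match(line)
        if not match or key is None or key.lower() not in RUN_KEYS:
            continue                  # only string values under the two keys
        name, data = unescape(match.group(1)), unescape(match.group(2))
        reasons = ["value name"] if name.lower() == VALUE_NAME else []
        # Split the command line into path components and arguments.
        if FILE_NAMES & set(re.split(r'[\\/\s"]+', data.lower())):
            reasons.append("file name")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits

if __name__ == "__main__":
    for hit in find_sdbot_entries(SAMPLE_REG):
        print(hit)
```

`reg export` writes UTF-16 text, so decode the file with `encoding="utf-16"` before passing its contents to the function.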