Sdbot.add is a worm that gives a remote attacker access to the user's system. It operates mostly through IRC channels, and it drops a rootkit into the infected system that allows the malware developer to enter the administrator (root) account of the computer. The attacker may then use Sdbot.add to obtain private information about the user, or may use the computer as a zombie to attack a server.
Sdbot.add is installed along with freeware or shareware, through peer-to-peer software, or by being downloaded from malicious websites. Once installed, the program executes immediately and drops the rootkit into the system folder, where it acts as a backdoor through which the attacker can enter the computer. Sdbot.add can also propagate over the internet by sending itself to other users from a computer it has infected. Users with an Sdbot.add infection will experience slow computer and network speeds, new desktop shortcuts, a changed background image and a changed homepage. Pop-up advertisements will also be displayed even if the user is not online.
It is important to remove Sdbot.add as soon as you find it on your computer. To do this, you must stop its processes, delete its files and remove its registry entries.
File Removal Procedures
The first step that you must take in order to remove Sdbot.add is to kill the following process:
- lockx.exe
The next step is to delete the following files and folders:
- lockx.exe
- xz.bat
- msdirectx.sys
Once these steps have been completed, Sdbot.add no longer resides on your hard disk. To confirm this, however, it is recommended to run a full system scan with legitimate antivirus software such as Spyware Doctor with Antivirus, because in many cases Sdbot.add creates additional hidden files that can lead to further operating system damage and data loss.
Registry Removal Procedures
Removing files is not sufficient to completely remove Sdbot.add. In order to complete Sdbot.add removal, it is necessary to delete the following keys and settings from the Windows Registry as well:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\stratas=lockx.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas=lockx.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\stratas=lockx.exe
Now it is safe to say that your computer is completely safe from Sdbot.add.
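To check the result of the file and registry steps above, the following read-only PowerShell script looks for each indicator named on this page and reports what is still present. It is an added example, not part of the original guide; the search directories are an assumption, since the page only says the files are dropped into the "system folder".

```powershell
# Added example: read-only check for the Sdbot.add indicators listed on this page.
# Nothing is deleted; the script only reports what it finds.
$ProcessName = 'lockx'                                   # lockx.exe
$FileNames   = 'lockx.exe', 'xz.bat', 'msdirectx.sys'
# Assumption: "system folder" means System32 (and its drivers folder for the .sys file).
$SearchDirs  = "$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers"
$RunKeys     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
$ValueName   = 'stratas'

$findings = @()

# 1. Is the process still running?
Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($_.Id)"; Detail = $_.Path }
}

# 2. Are any of the files still on disk? -Force includes hidden and system files.
foreach ($dir in $SearchDirs) {
    foreach ($name in $FileNames) {
        $path = Join-Path $dir $name
        if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
            # Record a hash so the sample can be identified before it is deleted.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "SHA256 $hash" }
        }
    }
}

# 3. Is the "stratas" autorun value still set in any of the three keys?
foreach ($key in $RunKeys) {
    $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$key\$ValueName"; Detail = $prop.$ValueName }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'None of the Sdbot.add indicators listed on this page were found.'
}
```

Run it from an elevated PowerShell prompt. Because the page describes a rootkit component, hidden items may not appear in these queries, so an empty result does not replace the full system scan recommended above.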
Conclusion
Inexperienced computer users are advised against trying to remove Sdbot.add manually, as a wrong move made due to lack of experience may harm your computer.