Trojan Horse IRC/Backdoor.SDBot4.gsi

Trojan Horse IRC/Backdoor.SDBot4.gsi is a definition for malware with remote access capability. This particular version can allow a remote attacker to gain control of the infected computer through a backdoor. The Trojan frequently communicates with a remote server to download other malware that it can drop and execute on the victim's machine.

When executed, Trojan Horse IRC/Backdoor.SDBot4.gsi modifies the Windows registry directly. It adds certain values in order to disable the warning messages that Windows displays each time an illegal activity occurs on the system. The Trojan likewise reduces the security settings of Internet Explorer as well as the operating system. As a result, the user may be prone to any virus attack while Trojan Horse IRC/Backdoor.SDBot4.gsi is present.

Like most Trojans, Trojan Horse IRC/Backdoor.SDBot4.gsi creates a registry entry to run itself at Windows start-up. It may also inject harmful code into valid processes that typically run on the Windows operating system.

Then, the Trojan tries to contact a command and control (C&C) server through an HTTP request using a configured port. During analysis, it was discovered that most of the C&C servers provide remote commands for this threat, giving an attacker full control of the compromised PC.

Characteristics:

Trojan Horse IRC/Backdoor.SDBot4.gsi allows a remote attacker to control the infected computer. It was also made to gather sensitive data such as user names, passwords, and other vital software and hardware information. This Trojan is also capable of upgrading itself by contacting a remote server to download file updates.

Symptoms:

Backdoor Trojans are known for their capability to take control of an infected PC. Normally, this threat chews system resources more than any other threat. Thus, the user may see a sudden reduction in system performance as well as a slow Internet connection.

How to Remove Trojan Horse IRC/Backdoor.SDBot4.gsi

1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install with the default settings only.

4. Before the installation completes, make sure the following options are checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware

5. Click Finish. The program will run automatically and you will be prompted to update it before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click the Show Results button.
8. Make sure that all detected threats are marked, then click Remove Selected.
9. Restart your computer.

Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program on a different computer before running it on the infected system.

3 Comments

  1. Fernando

    This trojan popped up when I did a virus scan with AVG, it was linked to my Internet Download Manager…I suppose I have to delete IDM now. Oh well, it was great while it lasted.

  2. k0ba1t

    So, it seems that only AVG antivirus detects this threat. Might it be that this is a fake alarm???

  3. Chachacha

    I’m seeing an alert from AVG on this now (only not .gsi but .QGB)

    Trojan Horse IRC/Backdoor.SdBot4.QGB

    And in this case the warning is for

    C:Program FilesLogitechSetPointConnect.exe

    The ODD thing is that AVG doesn’t seem to know anything more about the virus and will give 0 results if I search for it
