SdBot.wuamgrds
Category: Trojan
Risk: Severe Risk
* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker can gain complete control over your computer or install new software on your machine.
Description: SDBot is the name of a family of remote access tools, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge. It attacks other hosts on port 135 and connects to an IRC server at 66.131.198.156:6667.
Alias: None
Signatures:
process: wuamgrds.exe: MD5 Hash: a70d5b8679a5a021d45
process: wuamgrd.exe: MD5 Hash: 213a82023e6f0a388bc
process: wuamgrd.exe: MD5 Hash: 723ca1a79bf55c778b5
process: wuamgrd.exe: MD5 Hash: 8ded7efa1eaeb179724
process: wuamgrd.exe: MD5 Hash: d0547112d8e9d235234..
Copyright @2006 THR Computer Solutions: SdBot.wuamgrds