Skip to navigation content (Press Enter).

University Technology Services

Backdoor Sdbot / W32/Rbot-AVQ Spyware Worm

Backdoor Sdbot / W32/Rbot-AVQ Spyware Worm is on campus. It affects Microsoft Windows operating systems by taking advantage of weak or non existent system passwords. Once a computer is infected it allows others to access the computer, reduces system security, changes the password, records keystrokes and installs itself in the Registry. The spyware worm spreads through network shares.

You are strongly encouraged to use strong passwords. Protect any account with root or system administrator privilege by following recommended password practices using strong passwords. Do not use defaults passwords as received from the vendor. Passwords should not be written down on notes attached to a keyboard or monitor or left in an unlocked desk drawer. All passwords should be changed regularly. Passwords protecting privileged accounts should be changed more frequently. A strong password must:

    1. be as long as possible (never shorter than 6 characters); include mixed-case letters, if possible;
    2. include digits and punctuation characters, if possible;
    3. not be based on personal information (names or initials of family members or pets, birthdates, license plate, phone numbers, etc.) that would make it easy to guess;
    4. not be based on any dictionary word (in any language);
    5. not be based upon any form of the account name.

Samples of the worm have been sent to Norton. Norton will detect the worm as Backdoor-Sdbot. At this time the instructions for cleaning are manual.

Norton recommendation and removal instructions:

Service Bulletins

  • MAC ID Password Expiry

    Beginning in May 2016, MAC ID passwords at McMaster expire annually. Learn more at

Service Desk

Client Self Service:
Hours: Monday - Friday
8:30 am - 4:30 pm
Phone: 905-525-9140 x24357 (2HELP)
Location: Main Campus BSB Rm. 245
Service Catalogue:

Great Idea Site

Great Idea