SP2 users: MS06-040 worm has a message to you
What the code of W32/Sdbot.worm!MS06-040 worm actually states is:
It has this string in virus body suggesting more variants in the future.
“rBot v2 a.k.a. the next generation (working on winXP SP2)”
It will add the following Registry value too:
“JavaNet” = “rBot v2 a.k.a. the next generation (working on winXP SP2)”
It appears that Symantec uses name W32.Randex.GEL.
It is worth of noticing that if You will find file javanet.exe in Windows System directory you probably are infected.