Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Agobot-EV

Mar 17, 2004 11:23PM PST

Aliases
Backdoor.Agobot.ev, W32.HLLW.Gaobot.gen, BKDR_AGOBOT.EV

Type
Trojan

Description
Troj/Agobot-EV is an IRC-based backdoor Trojan.
On execution the Trojan copies itself to the Windows system folder as cpsdv.exe and sets the following registry entries so that it starts on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Norton Live Update Server

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Norton Live Update Server

The Trojan also registers itself as a service called Norton Live Updater Server.

http://www.sophos.com/virusinfo/analyses/trojagobotev.html

Discussion is locked