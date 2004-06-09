Aliases
Gaobot
Type
Win32 worm
Description
W32/Agobot-JT is a backdoor worm which runs in the background as a
system process and allows unauthorised remote access to the computer.
The worm copies itself to the Windows system folder as NAVAPSVC.EXE and adds entries to the registry at
HKLM\Software\Microsoft\Windows\CurrentVersion\Run and
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
to run itself on system restart.
More: http://www.sophos.com/virusinfo/analyses/w32agobotjt.html
W32/Agobot-JX
Type
Win32 worm
Description
W32/Agobot-JX is a backdoor Trojan and worm which spreads to computers
protected by weak passwords and to computers infected with variants of
W32/MyDoom.
When first run, W32/Agobot-JX moves itself to the Windows system folder as
wupdate.exe and creates the following registry entries to run itself on system
logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
napv.exe = wupdate.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
napv.exe = wupdate.exe
W32/Agobot-JX also sets itself up as a windows service, with the
service name "navp.exe".
More: http://www.sophos.com/virusinfo/analyses/w32agobotjx.html