Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Agobot-DZ

Mar 16, 2004 12:02AM PST

Aliases
Backdoor.Agobot.gr, W32/Gaobot.worm.gen.d, Win32/Agobot.GR, W32.HLLW.Gaobot.gen

Type
Win32 worm

Description
W32/Agobot-DZ is capable of spreading to computers on the local network protected by weak passwords.
When first run W32/Agobot-DZ moves itself to the Windows System32 folder as CONFGLDR.EXE.

The worm may also add its pathname to the following registry entries to run itself on startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\

Each time W32/Agobot-DZ is run it attempts to connect to a remote IRC server and join a specific channel.


More: http://www.sophos.com/virusinfo/analyses/w32agobotdz.html

Discussion is locked