Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Agobot-EC

Mar 16, 2004 12:09AM PST

Type
Win32 worm

Description
W32/Agobot-EC is an IRC backdoor Trojan and network worm.
W32/Agobot-EC copies itself to network shares with weak passwords.

When first run W32/Agobot-EC copies itself to the Windows system folder with the filename configldr.exe and creates the following registry entries so that the worm is run when Windows starts up:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Configuration Loading = configldr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Configuration Loading = configldr.exe


More: http://www.sophos.com/virusinfo/analyses/w32agobotec.html

Discussion is locked