
W32/Agobot-EX

Mar 24, 2004 11:50PM PST

Aliases
Backdoor.Agobot.hm, WORM_AGOBOT.HM, W32.HLLW.Polybot

Type
Win32 worm

W32/Agobot-EX is an IRC backdoor Trojan and network worm.
When first run, W32/Agobot-EX copies itself to the Windows system folder with the filename soundman.exe. The following registry entries are created with the intention of starting the worm when a user logs into Windows, but an error results in these values being garbage:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
^`d}qZxu= ~`d}qzxu3zYF

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
^`d}qZxu= ~`d}qzxu3zYF

W32/Agobot-EX also registers itself as a service which will be activated when Windows starts up. The name of the service is SoundMan.

More: http://www.sophos.com/virusinfo/analyses/w32agobotex.html
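
A triage sketch for the three traces described above (garbled Run/RunServices values, a SoundMan service, soundman.exe in the system folder). It is an added example, not part of the original post or of the Sophos analysis. The input format (`reg query`-style text plus lists of service and file names), the sample data and the function names are assumptions made for illustration.

```python
import re

# Constructed `reg query`-style output; the garbled pair is the value listed
# above, split at "=" into name and data (an assumption about that listing).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /min
    ^`d}qZxu    REG_SZ    ~`d}qzxu3zYF

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    ^`d}qZxu    REG_SZ    ~`d}qzxu3zYF
"""
SAMPLE_SERVICES = ["Dhcp", "SoundMan", "Spooler"]       # constructed
SAMPLE_SYSTEM_FILES = ["kernel32.dll", "SOUNDMAN.EXE"]  # constructed

AUTORUN_KEYS = re.compile(r"\\CurrentVersion\\(Run|RunServices)$", re.I)
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
COMMAND = re.compile(r"\.(exe|com|bat|cmd|scr|pif|dll)\b", re.I)

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group(1), m.group(3)

def triage(reg_text, services, system_files):
    """Return (indicator, detail) findings for the three traces described."""
    findings = []
    for key, name, data in parse_reg_query(reg_text):
        # An autostart value should hold a command line; the faulty install
        # routine leaves data that names no executable at all.
        if AUTORUN_KEYS.search(key) and not COMMAND.search(data):
            findings.append(("garbled-autorun", f"{key}\\{name}"))
    findings += [("service", s) for s in services if s.lower() == "soundman"]
    findings += [("system-file", f) for f in system_files
                 if f.lower() == "soundman.exe"]
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAMPLE_SERVICES, SAMPLE_SYSTEM_FILES):
        print(*finding, sep=": ")
```

A name match on the service or file alone is weak evidence, since unrelated software can share a name; the garbled autostart values appearing together with them are the stronger signal.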
