Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

WORM_AGOBOT.AV

Nov 26, 2003 3:07AM PST

Virus type: Worm

Destructive: No

Aliases: W32.HLLW.Gaobot.gen, Win32.HLLW.Agobot, Worm/Agobot

Description:


This memory?resident malware has both worm and backdoor capabilities.

Like earlier AGOBOT variants, this worm also exploits the following Windows vulnerabilities to propagate across the network:

Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability on Windows 2000 and XP
RPC locator vulnerability on Windows NT, 2000, and XP
Buffer Overrun vulnerability in IIS 5.0/WebDav
Additional information regarding these vulnerabilities are available at the following Microsoft pages:

Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007

It also performs the following malicious tasks:

Connect to an Internet Relay Chat (IRC) channel and wait for commands from a remote user
Terminate several antivirus and security programs, and system files
Steal the Windows Product ID and CD Keys of many popular games
Terminate the processes of other malware
This UPX-compressed worm runs on Windows 2000 and XP.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AV

Discussion is locked