Virus type: Worm
Destructive: No
Description:
This polymorphic, memory-resident malware has both worm and backdoor capabilities.
Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities to propagate across networks:
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) Vulnerability
RPC Locator Vulnerability
IIS5/WEBDAV Buffer Overflow Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
It drops itself as the file WINCRT32.EXE in the Windows system folder and attempts to log into systems using a list of user names and passwords.
It connects to an Internet Relay Chat (IRC) server and joins an IRC channel to receive malicious commands, which it processes on the system.
It also terminates antivirus-related programs and steals CD keys of certain game applications.
This UPX-compressed malware runs on Windows NT, 2000, and XP.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.VP

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic