W32/Agobot-JW is a worm which spreads to networks shares with weak passwords. The worm also includes backdoor functions which can be controlled over IRC by a remote attacker.
When first run the worm copies itself to neroasm.exe in the Windows system
folder and adds the registry entries
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroAutoStartClient
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
NeroAutoStartClient
The worm removes registry entries and files used by a number of other worms
and terminates a large number of anti-virus and security related processes.
W32/Agobot-JW copies itself to shares with weak passwords as a file named
wrtx.exe.