W32/Akbot-AG

Category:	Viruses and Spyware	Protection available since:	04 Oct 2006 00:00:00 (GMT)
Type:	Win32 worm	Last Updated:	04 Oct 2006 00:00:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary
More information

W32/Akbot-AG is a worm for the Windows platform.

W32/Akbot-AG spreads to other network computers by exploiting common buffer overflow vulnerabilities, including ASN.1 (MS04-007).

When first run W32/Akbot-AG copies itself to <Windows system folder>\ltssvc.dll.

The following registry entry is created to run code exported by ltssvc.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ltssvc
rundll32.exe <Windows system folder>\ltssvc.dll,start

W32/Akbot-AG modifies the Windows hosts file, usually found in <Windows system folder>\drivers\etc\hosts, to block access to anti-virus and security related websites.

Try Sophos products for free
Download now

W32/Akbot-AG

Free Mac Anti-Virus

Popular topics