W32/Delbot-AO is a worm for the Windows platform which also allows a remote intruder to gain access and control over the computer.
W32/Delbot-AO spreads:
- to computers vulnerable to common exploits, including: Symantec (SYM06-010) and SRVSVC (MS06-040)
- to MSSQL servers protected by weak passwords
When first run W32/Delbot-AO copies itself to <System>\zmon.exe.
The following registry entry is created to run zmon.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Z
<System>\zmon.exe