W32/Delbot-I

Category: Viruses and Spyware Protection available since:26 Feb 2007 00:00:00 (GMT)
Type: Win32 worm Last Updated:26 Feb 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Delbot-I is an IRC worm with backdoor functionality which allows a remote intruder to gain access and control over the computer.

W32/Delbot-I spreads to other network computers by scanning network shares for weak passwords and by exploiting common buffer overflow vulnerabilities, including Symantec (SYM06-010).

W32/Delbot-I is an IRC worm with backdoor functionality which allows a remote intruder to gain access and control over the computer.

W32/Delbot-I spreads to other network computers by scanning network shares for weak passwords and by exploiting common buffer overflow vulnerabilities, including Symantec (SYM06-010).

When first run W32/Delbot-I copies itself to <System>\resvs.exe.

The following registry entry is created to run resvs.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Registry Service
System\resvs.exe

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy