W32/Spybot-NX

Category:	Viruses and Spyware	Protection available since:	29 Jun 2007 15:55:11 (GMT)
Type:	Win32 worm	Last Updated:	29 Jun 2007 15:55:11 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary
More information

W32/Spybot-NX is a worm for the Windows platform with IRC backdoor functionality.

W32/Spybot-NX is a worm for the Windows platform with IRC backdoor functionality.

W32/Spybot-NX installs as ajsha5.exe in the <System> folder. The following Registry entries are added to run at startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
(default)
ajsha5.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(default)
ajsha5.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
(default)
ajsha5.exe

Once running, W32/Spybot-NX attempts to connect to a remote server (port 3921) to receive remote commands.

Try Sophos products for free
Download now

W32/Spybot-NX

Free Mac Anti-Virus

Popular topics