W32/Agobot-JQ

Aliases	Gaobot Phatbot Agobot3
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Protection available since	9 June 2004 10:54:45 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

More Information

Summary
Action
More Information

W32/Agobot-JQ is a worm that spreads via unpatched machines affected by
RPC/DCOM vulnerabilities.

In order to run automatically when Windows starts up the worm copies itself to
the file lrbz32.exe in the Windows system folder and adds the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
LRBZ Utility 32 = lrbz32.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
LRBZ Utility 32 = lrbz32.exe

W32/Agobot-JQ allows a malicious user to access the machine via IRC channels.
The operations available to such a user include:

aol spamming
messenger spamming
downloading and uploading files
executing arbitrary commands
tcp port redirection
rebooting the machine

Get reports about the latest virus and spyware threats delivered to your computer

In this section

W32/Agobot-JQ

Summary

Action

More Information