high
Summary
Summary
Action- More Information
| Protection available since | 14 May 2004 09:30:17 (GMT) |
|---|---|
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Agobot-YX is a network worm and an IRC backdoor Trojan.
When first run, W32/Agobot-YX copies itself to the Windows system folder and
creates the following registry entries to run itself on startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yx = uu.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\yx = uu.exe
W32/Agobot-YX exploits a number known vulnerabilties i.e. WebDAV
vulnerability, RPC DCOM vulnerabilty and Windows LSASS vulnerability.
These vulnerabilities allow the worm to execute its code on target computers
with System level privileges. For further information on these vulnerabilities
and for details on how to protect/patch the computer against such attacks
please see Microsoft security bulletins MS03-007, MS03-026 and MS04-011.
W32/Agobot-YX attempts to terminate various processes related to anti-virus
and security software.
Each time W32/Agobot-YX is run it attempts to connect to a remote IRC server
and join a specific channel.
W32/Agobot-YX also collects system information and registration keys of
popular games that are installed on the computer.
|
