Sophos

W32/Codbot-A


Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 26 January 2005 13:55:35 (GMT)
Detected by: All Sophos products
  • Endpoint Security and Control 9.0
  • Small business solutions 4.0

Action

Please follow the instructions for removing worms.

To re-enable DCOM you can edit the registry, but it's better to use Dcomcnfg.exe. See Microsoft article 825750 for details.

More Information

W32/Codbot-A is a backdoor which contains functionality to spread via network shares.

W32/Codbot-A contains backdoor functionality which is likely to include packet sniffing and downloading further code.

W32/Codbot-A may attempt to exploit a number of vulnerabilities.

When first run, W32/Codbot-A copies itself to the Windows system folder as NETMON.EXE and installs this file as a service with service name "Netmon" and display name "Network Monitoring Service". The worm attempts to connect to an IRC channel and listens for backdoor commands from a remote attacker.


W32/Codbot-A may create Run and RunServices registry entries in order to run itself on system startup.

W32/Codbot-A makes the following change to the system registry:

HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
"N"
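
The artefacts described above (the "Netmon" service, NETMON.EXE in the system folder, the EnableDCOM change, and Run/RunServices entries) can be checked on a host with a read-only script. This is an added example, not Sophos code; the function name Get-CodbotIndicator, the choice of System32 and SysWOW64 as the "system folder", and checking both HKLM and HKCU for Run entries are assumptions.

```powershell
# Added example: read-only check for the W32/Codbot-A artefacts listed on this page.
# Get-CodbotIndicator is a hypothetical name. Run from an elevated prompt.
function Get-CodbotIndicator {
    $findings = @()

    # Service installed by the worm: name "Netmon", display name "Network Monitoring Service".
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -eq 'Netmon' -or $_.DisplayName -eq 'Network Monitoring Service' }
    foreach ($s in $services) {
        $findings += [pscustomobject]@{ Indicator = 'Service'; Location = $s.Name; Detail = $s.PathName }
    }

    # Copy of the worm in the Windows system folder (assumption: System32 and SysWOW64).
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path $env:SystemRoot (Join-Path $dir 'NETMON.EXE')
        if (Test-Path -LiteralPath $path) {
            # Record the hash so the file can be compared or submitted for analysis.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{ Indicator = 'File'; Location = $path; Detail = "SHA256 $hash" }
        }
    }

    # DCOM switched off: HKLM\SOFTWARE\Microsoft\Ole, EnableDCOM = "N".
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -Name EnableDCOM -ErrorAction SilentlyContinue
    if ($ole -and $ole.EnableDCOM -eq 'N') {
        $findings += [pscustomobject]@{ Indicator = 'Registry'; Location = 'HKLM\SOFTWARE\Microsoft\Ole'; Detail = 'EnableDCOM = N' }
    }

    # Run / RunServices values whose data points at netmon.exe.
    # The page does not give value names or the hive, so both hives are searched by data.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($key in 'Run', 'RunServices') {
            $item = Get-Item -Path "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$key" -ErrorAction SilentlyContinue
            if (-not $item) { continue }
            foreach ($name in $item.GetValueNames()) {
                $data = [string]$item.GetValue($name)
                if ($data -match 'netmon\.exe') {
                    $findings += [pscustomobject]@{ Indicator = 'Autorun'; Location = "$($item.Name)\$name"; Detail = $data }
                }
            }
        }
    }
    $findings
}

Get-CodbotIndicator | Format-Table -AutoSize -Wrap
```

An empty result means none of these artefacts were found; any row is a lead to review alongside a scan, since a disabled DCOM setting or a service with this name can also have an administrative origin.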

