W32/Delbot-G

Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


How it spreads	Network shares Peer-to-peer
Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	15 February 2007 03:34:04 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

More Information

Summary
Action
More Information

W32/Delbot-G is an IRC worm with backdoor functionality which allows a remote intruder to gain access and control over the computer.

W32/Delbot-G spreads:

- to computers vulnerable to common exploits, including: Symantec (SYM06-010) and SRVSVC (MS06-040)
- to MSSQL servers protected by weak passwords W32/Delbot-G is an IRC worm with backdoor functionality which allows a remote intruder to gain access and control over the computer.

W32/Delbot-G spreads:

- to computers vulnerable to common exploits, including: Symantec (SYM06-010) and SRVSVC (MS06-040)
- to MSSQL servers protected by weak passwords

When first run W32/Delbot-G copies itself to <System>\jwmngr.exe.

The following registry entry is created to run jwmngr.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
JW Manager
<System>\jwmngr.exe

Get reports about the latest virus and spyware threats delivered to your computer

In this section

W32/Delbot-G

Summary

Action

More Information