Sophos

W32/Forbot-Fam


Summary

 
Affected operating systems: Windows
Detected by: All Sophos products

Action

Please follow the instructions for removing worms.

The name W32/Forbot-Fam is used where a file belongs to a particular family of worms, but the variant is not separately identified. Sophos's proactive protection technology will identify such files as a -Fam variant.

  1. Ensure that you are using the most recent IDE files, as more precise detection could now be available. If necessary
  2. Please send us a sample to assist in improving our technology.
  3. Use the instructions for removing generically detected files to delete the file from your computer.
  4. If you require further assistance with disinfection, contact support.

More Information

W32/Forbot-Fam detects members of the Forbot family of worms.

W32/Forbot-Fam worms typically attempt to spread to remote network shares and open up a backdoor on the infected computer.

W32/Forbot-Fam worms also exploit vulnerabilities, including the LSASS exploit (see MS04-11).

W32/Forbot-Fam worms copy themselves to the Windows system folder and create registry entries under the following locations in order to run automatically on system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
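
The following PowerShell audit of the five autostart keys listed above is an added example, not part of the original Sophos description. It reports each entry's target file, whether that file sits in the Windows system folder, its Authenticode status and its SHA-256; the helper name `Get-CommandTarget` and the triage heuristics are assumptions made for illustration.

```powershell
# Added example: audit the autostart keys listed above for entries that
# launch a file from the Windows system folder. Assumption: the heuristics
# (system-folder location, signature status) are illustrative, not Sophos's.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$systemDir = [Environment]::SystemDirectory   # e.g. C:\Windows\System32

function Get-CommandTarget {   # hypothetical helper: extract the file a command line starts
    param([string]$CommandLine)
    # Expand %VAR% references, then take the quoted path or the first token.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd|pif|dll))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # a key may not exist on this system
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $raw = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $target = Get-CommandTarget $raw
        # A bare file name is checked against the system folder.
        if (-not [IO.Path]::IsPathRooted($target)) { $target = Join-Path $systemDir $target }
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'FileMissing' }
        [pscustomobject]@{
            Key = $key; ValueName = $name; Command = $raw; Target = $target
            InSystemDir = $target.StartsWith($systemDir, [StringComparison]::OrdinalIgnoreCase)
            Signature = $sig
            SHA256 = if ($exists) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash } else { $null }
        }
    }
}
# Review first: entries in the system folder whose file is not validly signed.
$findings | Sort-Object { -not ($_.InSystemDir -and $_.Signature -ne 'Valid') } |
    Format-Table ValueName, Target, InSystemDir, Signature -AutoSize
```

An unsigned file in the system folder is a triage signal rather than a verdict; confirm any candidate with an up-to-date scan before deleting it.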
