W32/Rbot-AWC

Aliases	Backdoor.Win32.Rbot.agf
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


How it spreads	Network shares
Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	7 November 2005 04:01:32 (GMT)
Last updated	22 December 2005 19:10:39 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

W32/Rbot-AWC is a Network worm for the Windows platform.

When W32/Rbot-AWC is installed it moves itself to <System>\wupdate.exe and creates the file <System>\svkp.sys.

The file SVKP.sys is a non-malicious application.

W32/Rbot-AWC creates the following registry entries so as to auto-start:

HKCU\Software\Microsoft\OLE
Microsoft Generic Update Manager
wupdate.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Generic Update Manager
wupdate.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Generic Update Manager
wupdate.exe

Get reports about the latest virus and spyware threats delivered to your computer