PC Security Shield Virus Alert: Worm.Win32.Agobot.540672
  • Also Known As
    		•  WORM_AGOBOT.WQ [Trend], W32/Gaobot.worm.gen.d [McAfee]  
  • Type
    		•  Worm 
  • Systems Affected
    		•  Win32 
  • Resident in System Memory
    		•  No
  • Origin
    		•  Bulgaria
  • Encryption
    		•  No
  • Discovered on
    		•  09/15/2006
  • How it spread
    		•  Network, Security vulnerabilities
  • Infection symptoms
    		•  Changes registry, Information leak, Accessing certain IRC server, Opens the specific port, Creates file, Process shuts down
  • Specific date of infections
    		•   None
  • Destructivity/ Distribution Potential
    		•  ** / ***  
  • ViRobot version able to detect/repair
    		•  Able to detect/repair
    [ViRobot version: 09/16/2006]  

    Technical Description

    Summary

    Tis worm is the variant of Agobot, and copies itself as "vstmgr.exe" in the Windows system folder.

    It opens random TCP port, and links to specified IRC channel via report port 5130, then becomes the agent that executes the hacker's order

    that attempts DoS attack to specified URL.

    [The radical protection against spreading and variants]

    The functions of Agobot variants are constantly added and modified, the reason why it is because source code related to Bot is exposed.

    If the spreading path worm spreads is radically intercepted, it may not be infected by the variants.



    How to repair:       [Repair by using The Shield AntiVirus 2007]


    The Shield Pro AntiVirus & Firewall 2007


    The Shield 2007 PRO Anti Virus