The Web    www.100share.com    Google
 
6/10: Agobot-JT Allows Unauthorized Access
 

6/10: Agobot-JT Allows Unauthorized Access
June 10, 2004

W32/Agobot-JT is a backdoor worm that runs in the background as a system process and allows unauthorized remote access to the computer.

The worm copies itself to the Windows system folder as NAVAPSVC.EXE and adds entries to the registry at:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices to run itself on system restart.

W32/Agobot-JT may also add a number of registry entries at:

HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VIDEO_LINE
HKLM\SYSTEM\ControlSet001\Services\Video line
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VIDEO_LINE
HKLM\SYSTEM\CurrentControlSet\Services\Video line

More information is at Sophos page.


 
  • Cobalt RaQ 4 Security Flaw Detected
  • Bagle-BK Worm Downloads Code
  • 10/28: Backdoor.Futro a Server Program
  • Microsoft XP SP2 Blog Watch
  • 4/15: Sdbot-XC Worm Targets Passwords
  • AntiOnline Spotlight: Trojan Force
  • 6/14: Spybot-CO Spreads via KaZaA Network
  • Alliance Formed to Finger Hackers
  • 6/10: Agobot-JT Allows Unauthorized Access
  • 4/4: VBS.Kuullio Worm Sends Emails
  • Phishing Scams Increase 1,200% in 6 Months
  • Buy Security Camera