The Web    Google
6/10: Agobot-JT Allows Unauthorized Access

6/10: Agobot-JT Allows Unauthorized Access
June 10, 2004

W32/Agobot-JT is a backdoor worm that runs in the background as a system process and allows unauthorized remote access to the computer.

The worm copies itself to the Windows system folder as NAVAPSVC.EXE and adds entries to the registry at:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices to run itself on system restart.

W32/Agobot-JT may also add a number of registry entries at:

HKLM\SYSTEM\ControlSet001\Services\Video line
HKLM\SYSTEM\CurrentControlSet\Services\Video line

More information is at Sophos page.

  • 1/12: Bobax-D Worm Exploits LSASS Flaw
  • Gilian Set to Unveil Enhanced Web Security Appliance
  • 7/23: Dluca-CQ an Adware Application
  • 2/23: Anicmoo-B a Downloader Trojan
  • Virus Alert Activity Intensifies
  • 11/29: JS/Spawn-C an Encoded Worm
  • Meta Group Slams Wireless LAN Suppliers on Security
  • Another Flaw Found in Microsoft VM
  • 9/15: Forbot-C Spreads to Remote Shares
  • 'Critical' Office 2003 Patch Released
  • HP Cuts to the Middle of Disaster Recovery
  • Security Camera Related Information