 6/10: Agobot-JT Allows Unauthorized Access |
 |
|
|
|
|
|
6/10: Agobot-JT Allows Unauthorized Access
June 10, 2004
W32/Agobot-JT is a backdoor worm that runs in the background as a system process and allows unauthorized remote access to the computer.
The worm copies itself to the Windows system folder as NAVAPSVC.EXE and adds entries to the registry at:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices to run itself on system restart.
W32/Agobot-JT may also add a number of registry entries at:
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VIDEO_LINE
HKLM\SYSTEM\ControlSet001\Services\Video line
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VIDEO_LINE
HKLM\SYSTEM\CurrentControlSet\Services\Video line
More information is at Sophos page.
|
|
|
|
|
1/12: Bobax-D Worm Exploits LSASS Flaw
Gilian Set to Unveil Enhanced Web Security Appliance
7/23: Dluca-CQ an Adware Application
2/23: Anicmoo-B a Downloader Trojan
Virus Alert Activity Intensifies
11/29: JS/Spawn-C an Encoded Worm
Meta Group Slams Wireless LAN Suppliers on Security
Another Flaw Found in Microsoft VM
9/15: Forbot-C Spreads to Remote Shares
'Critical' Office 2003 Patch Released
HP Cuts to the Middle of Disaster Recovery
Security Camera Related Information
 |
