Re: UPDATES - November 17, 2004
W32/Agobot-NZ hit today. It is a backdoor Trojan and worm which spreads to computers protected by weak passwords.
Each time the Trojan is run it attempts to connect to a remote IRC server and join a specific channel.
The Trojan then runs continuously in the background, allowing a remote intruder to access and control the computer via IRC channels.
The Trojan attempts to terminate and disable various anti-virus and security-related programs and modifies the HOSTS file.
Check your administrator passwords and review network security.
If you are infected and want to executive a manual repair, replace the Hosts file from a backup or edit it in Notepad to remove the changes that the worm has made.
You will also need to edit the following registry entries, if they are present:
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
and delete them if they exist.
Close the registry editor.
Was this reply helpful? (0) (0)