 6/10: Agobot-JT Allows Unauthorized Access |
 |
|
|
|
|
|
6/10: Agobot-JT Allows Unauthorized Access
June 10, 2004
W32/Agobot-JT is a backdoor worm that runs in the background as a system process and allows unauthorized remote access to the computer.
The worm copies itself to the Windows system folder as NAVAPSVC.EXE and adds entries to the registry at:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices to run itself on system restart.
W32/Agobot-JT may also add a number of registry entries at:
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_VIDEO_LINE
HKLM\SYSTEM\ControlSet001\Services\Video line
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VIDEO_LINE
HKLM\SYSTEM\CurrentControlSet\Services\Video line
More information is at Sophos page.
|
|
|
|
|
Cobalt RaQ 4 Security Flaw Detected
Bagle-BK Worm Downloads Code
10/28: Backdoor.Futro a Server Program
Microsoft XP SP2 Blog Watch
4/15: Sdbot-XC Worm Targets Passwords
AntiOnline Spotlight: Trojan Force
6/14: Spybot-CO Spreads via KaZaA Network
Alliance Formed to Finger Hackers
6/10: Agobot-JT Allows Unauthorized Access
4/4: VBS.Kuullio Worm Sends Emails
Phishing Scams Increase 1,200% in 6 Months
Buy Security Camera
 |
