SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  %winsystem%\rundll.exe

Name %winsystem%\rundll.exe

Description

W32/Agobot-KN
Aliases: Gaobot, Nortonbot, Phatbot, Polybot.
This is an IRC backdoor Trojan and network worm which establishes an IRC channel to a remote server in order to grant an intruder access to the compromised computer.
This worm will move itself into the Windows system folder as RUNDLL.EXE or WIN.EXE.

Create the values:
RegistryConfig = rundll.exe
Windows32 = win.exe
in the following registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\

May also attempt to collect email addresses from the Windows Address Book and send itself to these email addresses using its own SMTP engine
with itself included as an executable attachment.

May attempt to terminate anti-virus and other security-related processes, in addition to other viruses, worms or Trojans.
May also be used to terminate some services on remote computers.
It may search for shared folders on the internet with weak passwords and copy itself into them.

A text file named HOSTS in C:\\drivers\etc\ may be created or overwritten with a list of anti-virus and other security-related websites, each bound to the IP loopback address of 127.0.0.1 which would effectively prevent access to these sites.
For example: 127.0.0.1 www.symantec.com

W32/Agobot-KN can sniff HTTP, ICMP, FTP and IRC network traffic and steal data from them.
Can also be used to initiate denial-of-service (DoS) and distributed denial-of-service (DDoS) synflood / httpflood / fraggle / smurf etc attacks against remote systems.
This worm can steal the Windows Product ID and keys from several computer applications or games.
W32/Agobot-KN will delete all files named 'sound*.*'.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

hnmqjvhjhy

ffzyuwjxis

knrwnryzab

jlukkdeech

olctrlajck

ltxbflipvo

Super!!!

ykkqlevsgw

rxytbjuocn

vkwvkfzudd

Delivered grown-up galleries

oujjgbtqvv

cyyhnhlxve

Super!!!

cvgdgffovd

czyefqgyqj

oputftebop

vlfyoklmal

vmkpcdzqve

fiulwcpafk

lgmnovnred

biivxuenmm

oyksjgpjcg

azubzjslug

yinwnebbmp

poofnvuhmj

xjjlalhfer

gfclrlqqjw

vopedzyudy

Wholesale NFL Jerseys Free Shipping




SoftwareTipsandTricks, All Rights Reserved.