|W32.HLLW.Gaobot.gen is a family of worms that infects computers through various exploits.
It also opens backdoors to infected computers through IRC.
The worm does the following:
Copies itself to the %System% folder.
The file names vary, and are often chosen to resemble the names of legitimate Windows system files.
Some examples include Csrrs.exe, Scvhost.exe, and System.exe.
Adds a value in the form
"" = ""
"Configuration Loader" = "Service.exe"
to the registry keys:
May create a registry key:
and add a value in the form:
= "%System%\" -service
"Configuration Loader" = "%System%\Service.exe" -service
Connects to an IRC server, using its own IRC client, and then listens for commands to do any of the following:
Download and execute files
Steal system information
Send the worm to other IRC users
Add new accounts
Perform Denial of Service (DoS) attacks
Terminates antivirus and firewall software, as well as the process names associated with other worms.
Remove it with antivirus (also check How To Remove section)Startup Optimizer.