The following registry entries are created to run NSYS32. Agobot is an IRC-controlled backdoor with network spreading capabilities. But the attackers did follow a pattern consistent with the Agobot/Phatbot family, which consists of dozens of variants on a worm called Agobot that was created in northern Europe in the late 1990s. with the assortment of arsenal youve made available along with AVG it seems we have finally put these guys into the virus vault.though I would rather them be snuffed out.
W32/Agobot-SU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. Its not entirely clear which virus or worm corrupted the machines used in a large-scale distributed denial-of-service attack against Akamai last June.
W32/Agobot-SU spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and MSSQL (MS02-039) (CAN-2002-0649) and by copying itself to network shares protected by weak passwords. .Agobot POLYTYPEXOR POLYTYPESWAP (swap consecutive bytes) POLYTYPEROR (rotate right) POLYTYPEROL (rotate left) NIDS/Anti-virus eventually.
#Agobot virus windows#
regedit, windows exploder, etc, are functional. the machine is a bit sluggish working with IE.
#Agobot virus update#
i cannot update any of the anti-virus/spyware programs, however, i can navigate with IE. W32/Agobot-SU is a worm and IRC backdoor Trojan for the Windows platform. this one looks like it has agobot and some other stuff.