agobot


whatshisface
what is the agobot virus and what does it do?

silver_tears
What the f**k? Do you have Norton?

whatshisface
nope

MC Mike
Then you are screwed.

Actually any Virus Program works but if you don't have one I suggest hiding in a nuclear bunker for 34 days with half a flounder and 2 pints of pure nitrogen. Cheers!

mors823
Checked Norton Virus Log. Sorry, but there's nothing. You've found a new virus, Congratulations. Don't spread it. Disconnect your comp from the internet and delete that bug.

MC Mike
Incorrect!

Aliases
Backdoor.Agobot.iz, W32/Gaobot.worm.gen.d

Type
Win32 worm

Detection
A virus identity (IDE) file which provides protection is available now from the Latest virus identities section, and will be incorporated into the May 2004 (3.81) release of Sophos Anti-Virus.


Enterprise Manager and PureMessage customers will be automatically protected at their next scheduled update.

At the time of writing, Sophos has received just one report of this worm from the wild.


Description
W32/Agobot-FJ is an IRC backdoor Trojan and peer-to-peer (P2P) worm which opens TCP ports to listen for and process commands received from a remote intruder.
This worm will move itself into the Windows System32 folder under the filename WINII.EXE and create the following registry entries so that it can execute automatically on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Video Poes = winii.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Video Poes = winii.exe

The following registry entries will also be created:

HKLM\System\CurrentControlSet\Services\Video Poes\
HKLM\System\CurrentControlSet\Enum\Root\Legacy_Video_Poes\

W32/Agobot-FJ will attempt to terminate anti-virus and software firewall processes, in addition to other viruses, worms or Trojans.


Recovery
Please follow the instructions for removing worms.

Check your administrator passwords and review network security.

Change any data that may have become compromised.

Renaming the registry editor

Using Windows Explorer, browse to the Windows folder (usually C:\Windows or C:\Winnt), right-click Regedit.exe and make a copy of it.

Rename the copy of Regedit.exe to Regedit.com.

At the taskbar, click Start|Run. Type 'Regedit.com' and press Return. The registry editor opens.
You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.
Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Video Poes = winii.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Video Poes = winii.exe

and delete them if they exist.

Close the registry editor.
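
A read-only way to check a machine for the artifacts the advisory above lists (the two autostart values, the two service-related keys and the dropped file). This is an added example, not part of the original post or of the vendor's instructions; the function name Get-AgobotFjIndicator is made up for illustration, and it assumes an elevated PowerShell session on the affected machine.

```powershell
# Added example: read-only check for the artifacts listed in the advisory text.
# Get-AgobotFjIndicator is a hypothetical name; nothing is modified or deleted.
$ValueName = 'Video Poes'   # Run/RunServices value name, from the advisory
$FileName  = 'winii.exe'    # dropped file name, from the advisory

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$OtherKeys = @(
    'HKLM:\System\CurrentControlSet\Services\Video Poes',
    'HKLM:\System\CurrentControlSet\Enum\Root\Legacy_Video_Poes'
)

function Get-AgobotFjIndicator {
    # Autostart values: report the value only if it exists under the key.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $data = (Get-Item -LiteralPath $key).GetValue($ValueName)
        if ($null -ne $data) {
            [pscustomobject]@{ Type = 'RunValue'; Location = $key; Detail = "$ValueName = $data" }
        }
    }
    # Service and legacy device keys: their presence alone is the indicator.
    foreach ($key in $OtherKeys) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Type = 'RegistryKey'; Location = $key; Detail = 'key exists' }
        }
    }
    # Dropped file in the System32 folder (-Force so a hidden file is still read).
    $file = Join-Path $env:SystemRoot "System32\$FileName"
    if (Test-Path -LiteralPath $file) {
        $item = Get-Item -LiteralPath $file -Force
        [pscustomobject]@{ Type = 'File'; Location = $file; Detail = "created $($item.CreationTime)" }
    }
}

$hits = @(Get-AgobotFjIndicator)
if ($hits.Count -eq 0) { 'No indicators from the advisory were found.' } else { $hits | Format-Table -AutoSize -Wrap }
```

An empty result only means these specific names are absent; other Agobot variants use different file and value names.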

Crash Overload
My father was once infected by Bugbear.... Since we are on the same network at home... it reached my comp...

Dregh
I liked the Hoax JMGRDBR or whatever its name was.

whatshisface
my pc won't even let me open my own folders or run a search...

whatshisface
i think the agobot and netsky are the same
