agobot

Started by whatshisface1 pages

What is the Agobot virus and what does it do?

🤨 Do you have Norton?

nope

Then you are screwed. ✅

Actually any Virus Program works but if you don't have one I suggest hiding in a nuclear bunker for 34 days with half a flounder and 2 pints of pure nitrogen. Cheers! 😎

Checked Norton Virus Log. Sorry, but there's nothing. You've found a new virus, congratulations. Don't spread it. Disconnect your comp from the internet and delete that bug.

Originally posted by mors823
Checked Norton Virus Log. Sorry, but there's nothing. You've found a new virus, congratulations. Don't spread it. Disconnect your comp from the internet and delete that bug.

Incorrect! 🙄

Aliases
Backdoor.Agobot.iz, W32/Gaobot.worm.gen.d

Type
Win32 worm

Detection
A virus identity (IDE) file which provides protection is available now from the Latest virus identities section, and will be incorporated into the May 2004 (3.81) release of Sophos Anti-Virus.

Enterprise Manager and PureMessage customers will be automatically protected at their next scheduled update.

At the time of writing, Sophos has received just one report of this worm from the wild.

Description
W32/Agobot-FJ is an IRC backdoor Trojan and peer-to-peer (P2P) worm which opens TCP ports to listen for and process commands received from a remote intruder.
This worm will move itself into the Windows System32 folder under the filename WINII.EXE and create the following registry entries so that it can execute automatically on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Video Poes = winii.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Video Poes = winii.exe

The following registry entries will also be created:

HKLM\System\CurrentControlSet\Services\Video Poes\
HKLM\System\CurrentControlSet\Enum\Root\Legacy_Video_Poes\

W32/Agobot-FJ will attempt to terminate anti-virus and software firewall processes, in addition to other viruses, worms or Trojans.

Recovery
Please follow the instructions for removing worms.

Check your administrator passwords and review network security.

Change any data that may have become compromised.

Renaming the registry editor

Using Windows Explorer, browse to the Windows folder (usually C:\Windows or C:\Winnt), right-click Regedit.exe and make a copy of it.

Rename the copy of Regedit.exe to Regedit.com.

At the taskbar, click Start|Run. Type 'Regedit.com' and press Return. The registry editor opens.
You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.
Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Video Poes = winii.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Video Poes = winii.exe

and delete them if they exist.

Close the registry editor.
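
A read-only check for the registry indicators listed in the advisory above, as an added example that is not part of the original thread or of Sophos's own tooling: it scans the text of a registry export for the `Video Poes` / `winii.exe` entries and the two marker keys. The function names and the sample export are constructed for illustration; a real export file is usually UTF-16 and has to be decoded to text first.

```python
import re

# Indicators taken from the advisory quoted above; keys compared case-insensitively.
HKLM = "hkey_local_machine\\"
RUN_KEYS = {HKLM + r"software\microsoft\windows\currentversion\run",
            HKLM + r"software\microsoft\windows\currentversion\runservices"}
MARKER_KEYS = (HKLM + r"system\currentcontrolset\services\video poes",
               HKLM + r"system\currentcontrolset\enum\root\legacy_video_poes")
VALUE_NAME, FILE_NAME = "video poes", "winii.exe"

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return sorted (key, value_name, data) findings; marker keys have empty name/data."""
    findings, key = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            low = key.lower()
            if any(low == k or low.startswith(k + "\\") for k in MARKER_KEYS):
                findings.add((key, "", ""))
            continue
        m = VAL_RE.match(line)
        if m and key and key.lower() in RUN_KEYS:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            exe = data.rsplit("\\", 1)[-1].lower()
            # Flag on either the value name or the file name, in case one was changed
            if name.lower() == VALUE_NAME or exe == FILE_NAME:
                findings.add((key, name, data))
    return sorted(findings)

# Constructed sample in .reg export text form (not taken from a real host)
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Video Poes"="winii.exe"
"Updater"="C:\\Program Files\\Example\\updater.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Video Poes"="winii.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Video Poes]
'''
```

Calling `scan_reg_export(SAMPLE)` returns the two autostart values and the service key, and leaves the unrelated `Updater` entry alone.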

My father was once infected by Bugbear.... Since we are on the same network at home... it reached my comp...

I liked the Hoax JMGRDBR or whatever its name was.

My PC won't even let me open my own folders or run a search...

I think the Agobot and Netsky are the same