
Forbot/Agobot/Gaobot Variant

Wednesday, September 22, 2004
Author: Richard S. Westmoreland
Permalink: 2004092200250367
Virus Alerts


I have observed a new variant of the Forbot virus, but cannot identify which version. Computer Associates InoculateIT is detecting it but cannot clean it, and the current removal tools provided by Symantec and Sophos do not detect it.

Manual removal is also proving difficult.

This Forbot variant adds the entries "Windows JavaScript Daemon" (winjsd.exe) and "WSA Configuration" (wmon32.exe) to the Run/RunOnce/RunServices registry keys. It also installs a faulty service for Windows JavaScriptDaemon. The service is Disabled, but its Recovery option is set to Restart the Service upon failure. The service is also marked for deletion, which prevents the administrator from changing these settings.
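A read-only check for the persistence described above, added here as an example and not part of the original article or any vendor's removal tool. It assumes the standard CurrentVersion autorun key locations and that a service pending deletion carries a DeleteFlag value in its registry key; the file names and service name are the only indicators the article gives.

```powershell
# File names reported in the article (no paths or hashes are given there).
$indicators = 'winjsd.exe', 'wmon32.exe'
$pattern = ($indicators | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Run/RunOnce/RunServices under both the machine and the current-user hive.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices') {
        "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$name"
    }
}

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this OS
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -match $pattern) {                        # -match is case-insensitive
            $findings += [pscustomobject]@{
                Type = 'Autorun'; Location = $key; Name = $valueName; Detail = $data
            }
        }
    }
}

# Read services from the registry rather than the SCM, so a service that is
# disabled and pending deletion is still listed.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
foreach ($svc in Get-ChildItem -LiteralPath $svcRoot -ErrorAction SilentlyContinue) {
    $imagePath = [string]$svc.GetValue('ImagePath')
    $display   = [string]$svc.GetValue('DisplayName')
    # Matches both spellings used in the article: "JavaScript Daemon" / "JavaScriptDaemon".
    if ("$imagePath $display" -notmatch "$pattern|JavaScript\s*Daemon") { continue }
    $hasRecovery = $null -ne $svc.GetValue('FailureActions')  # recovery actions configured
    $findings += [pscustomobject]@{
        Type     = 'Service'
        Location = $svc.PSChildName
        Name     = $display
        # Start=4 means Disabled; DeleteFlag=1 means marked for deletion (assumption noted above).
        Detail   = "ImagePath=$imagePath; Start=$($svc.GetValue('Start')); " +
                   "DeleteFlag=$($svc.GetValue('DeleteFlag')); RecoveryConfigured=$hasRecovery"
    }
}

if ($findings) { $findings | Format-List } else { 'No matching autorun entries or services found.' }
```

A service row showing Start=4 together with DeleteFlag=1 and RecoveryConfigured=True corresponds to the disabled, restart-on-failure, marked-for-deletion state described in the paragraph above.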

I will update this article with more info as I get it.

Update:

This virus was nearly impossible to identify. After a few days InoculateIT and Symantec were able to detect it as Agobot but still had trouble identifying the version. It seems that this Agobot variant drops other trojans.
If you want more information about Agobot and the many exploits it uses, visit:

CA Win32.Agobot Description

Suspect arrested in Phatbot, Agobot malware case

Alarm growing over bot software

Your best defense against Agobot is to keep Windows updated with the latest critical patches and run a personal firewall program that incorporates IDS signatures. Make sure your network passwords are not weak, since some Agobot variants use brute force attacks against network accounts.  


