w32.agobot

Extreme Level

matibene

posts: 1221

02:29 21/03/2008

1

I have a problem with this worm,

which infects directly at: c:\windows\cssrs.exe

I tried to delete it from regedit, but it comes back every time I delete it.

What do you recommend doing?

Thanks in advance.

Hardcore Extreme Level

pabloc74

posts: 18123

05:21 21/03/2008

2

Dangerous cssrs.exe – Dangerous
cssrs.exe
WORM_AGOBOT.FX
This is a memory-resident worm. It drops and executes a copy of itself as the file CSSRS.EXE.
It takes advantage of the following system vulnerabilities:
DCOM RPC vulnerability using TCP port 135
RPC Locator vulnerability using TCP port 445
WebDav vulnerability using TCP port 80

Attempts to gain access to specific shared folders on the network using a predefined list of user names and passwords.
Connects to an IRC channel and listens for commands from a remote user.
Allows the malicious user to perform several tasks on a damaged system.
Terminates antivirus processes, firewall programs, and system tools. It runs on Windows NT, 2000, and XP.

Manual removal:
Delete these keys:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
WinFX = "cssrs.exe"
Display Drivers = "cssrs.exe"

HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
WinFX = "cssrs.exe"
Display Drivers = "cssrs.exe"

HKEY_LOCAL_MACHINE>System>CurrentControlSet>Services>Driver

Also download and install the critical patches from the Microsoft site:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007

It worked for me.
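Added example (not part of the original thread): a Python check for the Run and RunServices keys listed in the removal steps above, flagging any value that launches cssrs.exe. It runs over a constructed `reg export` sample; the sample text and the function names are assumptions made for illustration.

```python
import re

# Autorun keys named in the removal steps (HKLM Run and RunServices).
AUTORUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
# File name from the post (cssrs.exe, not the Windows system process csrss.exe).
DROPPED_FILE_RE = re.compile(r"(?<![\w.])cssrs\.exe\b", re.IGNORECASE)

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in `reg export` text format (not from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFX"="cssrs.exe"
"Display Drivers"="C:\\WINDOWS\\cssrs.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WinFX"="cssrs.exe"

[HKEY_CURRENT_USER\Software\Example]
"Note"="cssrs.exe"
'''

def unescape(text):
    """Undo .reg escaping, where backslash and quote are backslash-prefixed."""
    return re.sub(r"\\(.)", r"\1", text)

def find_autoruns(export_text):
    """Return (key, value name, data) for autorun values that launch cssrs.exe."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)          # entering a new [key] section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in AUTORUN_KEYS:
            continue                  # not a string value under a watched key
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if DROPPED_FILE_RE.search(data):
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_autoruns(SAMPLE_EXPORT):
        print(f"{key}  {name!r} -> {data}")
```

Values outside the two autorun keys, and the similarly named csrss.exe, are not reported.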

Extreme Level

matibene

posts: 1221

05:23 21/03/2008

3
Quote: Originally posted by pabloc74

It probably worked for you, but you have w32.agobot.FX.

I have one with no suffix. I already tried doing that and it honestly didn't work.

Thanks anyway.

Hardcore Extreme Level

Massimen

Rosario

posts: 3160

11:30 21/03/2008

4

Extreme Level

matibene

posts: 1221

06:42 22/03/2008

5
Quote: Originally posted by Massimen

Actually, no.

If you look, w32.agobot without any extension isn't listed.

I already tried.

Anyway, the only thing the worm does is steal bank and credit card codes,

and I don't use any.