病毒名稱:Win32.Agobot.P
別名:Backdoor.Agobot.3 (Kaspersky), Exploit-DcomRpc.gen (McAfee), MS03-026 Exploit.Trojan , W32.HLLW.Gaobot.AA (Symantec) , W32/Gaobot.worm.y (McAfee), Win32/Agobot.P.Worm, WORM_AGOBOT.P (Trend)
W32.HLLW.Gaobot.AA (Symantec)是一種可以通過IRC(internet線上聊天系統)控制的特洛伊木馬,通過這個程式,他人可以未經授權就控制被感染電腦。同時,它也具有蠕蟲的特性,會利用破解簡單的管理員級帳號口令或是利用DCOM RPC漏洞來進行傳播。它只感染基於Win NT作業系統的電腦。
http://www.sarc.com/avcenter/venc/da...gaobot.aa.html
下載更新,請到下面的鏈結:
http://www.microsoft.com/technet/sec...n/MS03-026.asp http://www.microsoft.com/technet/sec...n/MS03-001.asp
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"Config Loader"="svchosl.exe"
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
RunServices
In the right pane, delete the value:
"Config Loader"="svchosl.exe"
Exit the Registry Editor.