MAC-NETHow toNetwork SecurityVirus ProtectionSpyware ProtectionDownloadReferenceContact
 

Do more with FirefoxNEW

Hijacked Browser Analysis

4-counter.com 3721

C2.lop browser hijacker

CWShredder

Edmond.exe

Intercom.exe Spyware

MWSOEMON.EXE - MyWebSearch

SearchPage CC Spyware

Spin4Dough Spyware

Sqwire.com home page hijack
Home » Spyware Protection » Hijacked Browser Analysis » Re: HijackThisLog Analysis - John » 

wintcp.exe

System may have been infected with W32 / Agobot-ZH. W32 / Agobot-ZH copies itself to network shares with weak passwords and attempts to spread to computers using the DCOM RPC and RPC locator vulnerabilities. These vulnerabilities allow the worm to execute its code on target computers with system level privileges. For further information on these vulnerabilities and for details on how to patch the computer against such attacks please see Microsoft security bulletins MS03-026 and MS03-001. W32 / Agobot-ZH connects to a remote IRC server and joins a specific channel. The backdoor functionality of the worm can then be accessed by an attacker using the IRC network. The worm also attempts to terminate and disable various security related programs.


commentPost your comment 
Mail this pageMail this page

MAC-NET Secures IT | internet toolkit

© 2004-2008. All Rights Reserved.