Sunday, December 14, 2003 11:02:18 AM
Larry, You are hopeless....
3. Many have already looked at his link and it is a virus info site......
1. Because you don't get popups does not mean that other people don't.
0. I would tell Matt that Geocities may be distributing the popup virus instead of confusing the issue.
13. Here is what is on the site he linked:
WORM_AGOBOT.EU
Overview
Virus type: Worm
Destructive: No
Aliases: W32.HLLW.Gaobot
Pattern file needed: 701
Scan engine needed: 5.400
Overall risk rating: Low
Reported infections: Low
Damage Potential: High
Distribution Potential: High
Description:
This worm exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
IIS5/WEBDAV Buffer Overflow vulnerability
RPC Locator Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
It attempts to log into systems using a list of user names and passwords. This worm then drops a copy of itself in accessed machines.
It also terminates antivirus-related processes and dropped files by other malware. This worm steals CD keys of certain game applications, then sends gathered data to a remote user via mIRC, a chat application. It also has backdoor capabilities and may execute remote commands in the host machine.
It runs on Windows NT, 2000 and XP.
Solution:
AUTOMATIC REMOVAL INSTRUCTIONS
To automatically remove this malware from your system, please refer to the Trend Micro Damage Cleanup Services.
MANUAL REMOVAL INSTRUCTIONS
Terminating the Malware Program
This procedure terminates the running malware process from memory.
Open Windows Task Manager. Press CTRL+SHIFT+ESC, and click the Processes tab.
In the list of running programs, locate the process:
SVDHOST.EXE
EXPLORE.EXE
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
To remove the malware autostart entries:
Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entries:
Windows update = svdhost.exe
Windows update = explore.exe
Note: %System32% is the Windows system folder, which is usually C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entries:
Windows update = svdhost.exe
Windows update = explore.exe
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Additional Windows XP Cleaning Instructions
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_AGOBOT.EU. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
Applying Patches
This malware exploits known vulnerabilities affecting the Windows NT platforms. Download and install the following to patch your system.
IIS5/WEBDAV vulnerability patch
Windows NT
http://microsoft.com/downloads/details.aspx?FamilyId=9A64851A-05AE-4912-9967-3AA3B4D5A76F&displa...
Windows NT Terminal Server
http://microsoft.com/downloads/details.aspx?FamilyId=AE57F47F-DC4D-40E9-8879-41A09767111F&displa...
Windows XP 32 bit
http://microsoft.com/downloads/details.aspx?FamilyId=84FC577D-F2D5-47B8-AB98-77BA7501B00B&displa...
Windows XP 64 bit
http://microsoft.com/downloads/details.aspx?FamilyId=97945A5D-DB0B-40F8-9A2E-DE93CBB5CB3A&displa...
DCOM Patch
WindowsNT
http://microsoft.com/downloads/details.aspx?FamilyId=F92D1E86-590A-4DA5-93F2-FCC6300A1A43&displa...
WindowsNT Terminal Server
http://microsoft.com/downloads/details.aspx?FamilyId=EB651162-97F2-47F9-8E99-016B35B7646D&displa...
Windows 2000
http://microsoft.com/downloads/details.aspx?FamilyId=33FF827A-D5DB-4F92-9DEF-4D91A140E0E0&displa...
WindowsXP 32bit
http://microsoft.com/downloads/details.aspx?FamilyId=DF24197E-6217-4ABD-A244-0A53320B2813&displa...
WindowsXP 64bit
http://microsoft.com/downloads/details.aspx?FamilyId=B8999D16-3DAD-4E20-B46E-E1AEFB1F6673&displa...
RPC Patch
Windows NT
http://www.microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&di...
Windows NT Terminal Server
http://www.microsoft.com/downloads/details.aspx?FamilyId=6C0F0160-64FA-424C-A3C1-C9FAD2DC65CA&di...
Windows 2000
http://www.microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&di...
Windows XP 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&di...
Windows XP 64bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009-3A212458E92E&di...
Windows 2003 server 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=2B566973-C3F0-4EC1-995F-017E35692BC7&di...
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business or home PC.
For additional information about this threat, see Technical Details.
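An added example, not part of the original post or of the Trend Micro page it quotes: a check for the autostart entries named in the manual removal steps, run over a text export of the registry. The function name and the sample export are constructed for illustration; the key paths and file names are the ones listed above.

```python
import ntpath
import re

# Keys and file names come from the removal instructions quoted above.
AUTOSTART_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
WORM_FILES = {"svdhost.exe", "explore.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample of a regedit text export (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows update"="svdhost.exe"
"Shell"="C:\\WINDOWS\\explorer.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Windows update"="C:\\WINNT\\System32\\explore.exe"

[HKEY_LOCAL_MACHINE\Software\Example]
"Windows update"="svdhost.exe"
'''


def unescape(text):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def find_worm_autostarts(reg_text):
    """Return (key, value name, data) for autostart values naming the worm's files."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or key is None or key.lower() not in AUTOSTART_KEYS:
            continue
        name, data = (unescape(g) for g in value_match.groups())
        # Compare the exact file name, so explorer.exe and svchost.exe never match.
        if ntpath.basename(data).lower() in WORM_FILES:
            hits.append((key, name, data))
    return hits
```

A real export in the "Version 5.00" format is normally UTF-16 encoded, so decode the file before passing its text to the function.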
