W32.Xabot.Worm


Aliases: BackDoor.Ircbot.AU, Backdoor.SdBot.utq, Backdoor:Win32/IRCbot.H, Generic.Sdbot.A285250D, W32/Agobot.PP@p2p
Variants: W32/Ircbot.AVP, Win32/Xabot.C, Win32:IRCBot-C [Trj], Worm/IrcBot.65536, WORM_IRCBOT.B

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 09 Nov 2003
Damage: Medium

Characteristics: W32.Xabot.Worm is a worm that spreads via file-sharing networks and IRC. It also has backdoor Trojan horse capabilities that permit a hacker to control a compromised computer. The presence of a wininit32.exe file is an indication of a possible infection. The worm affects Windows operating systems such as Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, Windows XP, and Windows Server 2003.

More details about W32.Xabot.Worm

W32.Xabot.Worm copies its file to the hard disk of the compromised system; wininit32.exe is its typical file name. It then creates a new startup key named W32.Xabot.Worm with the value wininit32.exe. It can also appear in the process list under the name W32.Xabot.Worm or wininit32.exe. The worm propagates through file-sharing networks and IRC, and its backdoor Trojan horse component allows a remote attacker to control the compromised PC. The worm also deletes many items in the registry, the Windows system folder, the system folder, and other files on the hard drive. In addition, it modifies values and adds file extensions to the registry key so that the worm runs automatically when Windows starts.

A computer infected by W32.Xabot.Worm may be shut down or restarted without the user’s consent. The user may be suddenly logged out of their user account. Certain system settings may be changed. Known security websites may be blocked using the hosts file. System features such as Task Manager and System Restore may be turned off. The processes of security programs may be stopped. Components of anti-malware programs may even be deleted.
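
The indicators described above can be checked on a suspect host with a short triage script. This is an added example, not part of the original write-up: the file name wininit32.exe comes from the description, while the Run key paths, the folders searched, and the policy values `DisableTaskMgr` and `DisableSR` are assumptions about where these symptoms would normally show up on Windows.

```powershell
# Added triage example. Only the file name comes from the write-up above;
# every registry path and folder below is an assumed, standard Windows location.
$Indicator = 'wininit32.exe'
$findings  = New-Object System.Collections.Generic.List[string]
$meta      = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# 1. Autostart values that reference the indicator (standard Run keys).
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($p in $item.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # skip provider metadata
        if ("$($p.Value)" -match [regex]::Escape($Indicator)) {
            $findings.Add("Autostart: $key -> $($p.Name) = $($p.Value)")
        }
    }
}

# 2. Running process with the indicator's name.
Get-Process -Name 'wininit32' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Process: $($_.Name) (PID $($_.Id))") }

# 3. Dropped file in the Windows or system folder.
foreach ($dir in $env:windir, (Join-Path $env:windir 'System32')) {
    $path = Join-Path $dir $Indicator
    if (Test-Path -LiteralPath $path) { $findings.Add("File: $path") }
}

# 4. Hosts entries that point a non-localhost name at a sinkhole address.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*(127\.0\.0\.1|0\.0\.0\.0)\s+(\S+)' -and
                   $Matches[2] -ne 'localhost' } |
    ForEach-Object { $findings.Add("Hosts override: $($_.Trim())") }

# 5. Policy values that turn off Task Manager or System Restore.
$policies = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' = 'DisableTaskMgr'
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'      = 'DisableSR'
}
foreach ($k in $policies.Keys) {
    $v = Get-ItemProperty -Path $k -Name $policies[$k] -ErrorAction SilentlyContinue
    if ($v -and $v.($policies[$k]) -eq 1) { $findings.Add("Policy: $k $($policies[$k])=1") }
}

if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings }
```

Hosts overrides and policy values can also be set legitimately by administrators or ad-blocking tools, so treat those two checks as leads to review rather than confirmation of infection.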