BackDoor.Ircbot.AU, Backdoor.SdBot.utq, Backdoor:Win32/IRCbot.H, Generic.Sdbot.A285250D, W32/[email protected]
W32/Ircbot.AVP, Win32/Xabot.C, Win32:IRCBot-C [Trj], Worm/IrcBot.65536, WORM_IRCBOT.B
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
09 Nov 2003
The W32.Xabot.Worm program is a worm that spreads via file-sharing networks and IRC. It also has backdoor Trojan horse capabilities that permit a hacker to control a compromised computer. The existence of a wininit32.exe file is an indication of a possible infection. The worm affects Windows operating systems such as Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, Windows XP, and Windows Server 2003.
W32.Xabot.Worm Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Xabot.Worm from your computer.
More details about W32.Xabot.Worm
W32.Xabot.Worm copies its file to the hard disk of the compromised system; wininit32.exe is its typical file name. It then creates a new startup key named W32.Xabot.Worm with the value wininit32.exe. You may also find it in the process list under the name W32.Xabot.Worm or wininit32.exe. The worm propagates through file-sharing networks and IRC. It has a backdoor Trojan horse that allows a remote attacker to control the compromised PC. The worm deletes a lot of files in the registry, the Windows system folder, the system folder, and elsewhere on the hard drive. It also modifies values and adds file extensions to the registry key, which then automatically executes the worm when Windows starts.
A computer infected by the W32.Xabot.Worm program may be shut down or restarted without the user's consent. The user may be suddenly logged out of their user account. Certain system settings may be changed. Known security websites may be blocked using the hosts file. System features such as Task Manager and System Restore may be turned off. The processes of security programs may be stopped. Components of anti-malware programs may even be deleted.