Spyware free software spyware removal Anti Spyware software free spyware check adware spyware remover anti virus downloadAnti Spyware Software
Spyware Detector - HomeSpyware Detector - PurchaseSpyware Detector - AffiliatesSpyware Detector - Download UpdatesSpyware Detector -FAQSpyware Detector -Contact Us

Home/ Spyware Encyclopedia / Backdoor.Agobot

 Backdoor.Agobot Technical Details
 CategoryBackdoor
 Discovered 4/15/2005 00:00:00 AM
 Modified 7/17/2008 16:21:00 PM
 Threat LevelCritical
 DescriptionA Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
 SummaryThe hosts file was updated with the following url-to-ip mappings: n/a
The following http urls were started:
www.54699.com
192.168.1.1
Generated smtp traffic: n/a
Connection(s) established with remote IRC Server: n/a
The following hidden entries created: n/a
The following internet connection was established:
121.10.108.227:80
192.168.1.54:80
 When the Backdoor is executed, it creates the following files:
 
NameVersionPublisherSignature (MD5)File Size (in Bytes)
..\temp\23597b58.tmp  26fe0aab3dcfb5881dd48e5858f492a0102
..\temp\5e1f4e0b.tmp  a4966f186825d1cb5a5aa85a2478576b122
..\temp\5e1f4e0b.tmp  b12ee1d9244000ba10858521a28a7dba122
..\temp\621b0cc6.tmp  a396cb79c3ad46469bfe2e81aca69c6e108
..\temp\696d1eb8.tmp  9561a6bf199ed152118197282639a173106
..\temp\b982f3bd.tmp  16ca565fa08fa98b42e7702a75678a2f111
..\temp\cb0076d5.tmp  6427b87f74138040ba748955012f0a63107
..\hcwc\pb.exe  a2930fec1dc177f5ca7830bbc66ad211 
..\003e23ea.exe  0A2636AD88458783B23A992A491D0E57 303104
..\00e58058.exe  7EAD0602D26D3BF9B7888351569BDAE6 106492
..\0146e432.exe  9C150A308F17DBAA894DAFC377C69708 53760
..\015f8427.exe  D8FC76EF87B1B09D52FDE230998A50E9 119645
..\016bd564.exe  08F5B27A050939B14BD7BC446E04AE7A 357376
..\01d901bc.exe  F67DF351075B19203C34A17E409A52B2 294912
..\02760af5.exe  862237874144675C6F3273D527425D05 99328
..\02a5f0dd.exe  86B3B20B73DDFEE212E6140AF2A9D14F 294912
..\0332e86b.exe  6CBB27AA82EFC7CC6130C9A83EC9E0C5 
..\0390a1df.exe  687E7143D4D5A0999D0D4DC086282AE2 278528
..\03f5b1fd.exe  03103C58659319D988811E1A280DB671 315626
..\0400c9ea.exe1.0.0.1 BD667A785FAB4341E4BE75DB3158D54E 65536
..\05ac82ca.exe  6AA0E23649E25EBB2178F58265245771 129536
..\05e40c25.exe  FAF6467E6395E76C7D19798777DF0BBE 178470
..\06d19547.exe  4780EB6DFB952D906EC372831DE2C474 323584
..\06d81e72.exe  156A8C0F26B133347D4E121DA28E4448 253952
..\06de3740.exe  99BDEEE5B2AC9C0541185A97FD0369EF 294912
 When the Backdoor is executed, it creates the following Registry entries:
 
..\software\microsoft\ole\"windows system configuration"
..\Software\Microsoft\Windows\CurrentVersion\run\"Microsoft Windows updater"
..\Software\Microsoft\Windows\CurrentVersion\run\"scvhost"
..\Software\Microsoft\Windows\CurrentVersion\run\"service scheduler"
..\software\microsoft\windows\currentversion\runonce\"win32 configuration"
..\software\microsoft\windows\currentversion\runonce\"wincfg"
..\Software\Microsoft\Windows\CurrentVersion\run\"lmapl"
..\software\microsoft\windows\currentversion\run\"nsdcmd vid process"
..\software\microsoft\windows\currentversion\run\"s3 internal chip"
..\Software\Microsoft\Windows\CurrentVersion\run\"service scheduler"
..\software\microsoft\windows\currentversion\run\"updater service process"
..\Software\Microsoft\Windows\CurrentVersion\run\"win32 processer"
..\software\microsoft\windows\currentversion\run\"wsaconfiguration"
..\software\microsoft\windows\currentversion\run\windows service\"windat.exe"
..\Software\Microsoft\Windows\CurrentVersion\run\wmon\"jusched.exe"
..\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\"CONFIGURATION LOADER"
..\Software\Microsoft\Windows\CurrentVersion\runservices\"instant messengers"
..\software\microsoft\windows\currentversion\runservices\"spoolservice"
..\software\microsoft\windows\currentversion\runservices\"video process"
..\software\microsoft\windows\currentversion\runservices\"windows format protections"
..\software\microsoft\windows\currentversion\runservices\"windows system configuration"
..\software\microsoft\ole\"microsoft web update"
..\software\microsoft\windows nt\currentversion\windows\"disablesr"
..\Software\Microsoft\Windows\CurrentVersion\run\"crss"
..\Software\Microsoft\Windows\CurrentVersion\run\"hqi services"
Recommendation to remove Backdoor.Agobot
Spyware Detector can remove Backdoor.Agobot, and thousands of other Spyware definitions, automatically and instantly. Click here to download Spyware Detector and scan for free.
Download Spyware Detector and Scan for FREE
 
Personalized e-Mail support by our Research Team. You send an "Export Log" report to us, we then add new definition and you eliminate spyware found on YOUR PC in the next Live Update. So, not only do you benefit but the whole community enjoys the feedback. 
Speed up your computer and increase browsing performance by deleting Spyware & Adware
Enjoy continuous protection and security with frequent spyware definition updates so you never have to worry about new threats and outdated software.
Surf the web with confidence knowing your online activities aren't being tracked, and your confidential data is secure from prying eyes.
 
Free Spyware Scan
 Search Threats
Testimonials

Read More
Information Desk
Spyware & Adware Categories we scan
  
List of Spyware &
Adware we remove
Submit a Threat
Submit a threat to be reviewed by our research team

Submit a Threat
Home| About Us| Purchase| Contact Us| FAQ| Privacy Policy