spyware removal instructions

Backdoor.Agobot removal

Spyware Agobot Information
Name: Backdoor.Agobot
Category: Backdoor
Date: 2004-03-16
Coded in: Compressed with UPX.
Dangerous: Yes
Backdoor.Agobot belongs to the Backdoor category of spyware.
It allows its authors to gain control over computers and link them into P2P networks. These networks, in turn, can be used to send large amounts of spam e-mail or to flood Web sites with information. Finding it on your computer means that the computer is infected with a backdoor and that crucial data could be endangered or even lost.
Backdoor.Agobot description by publisher:
Commands:
bot.command - runs a command with system()
bot.unsecure - enable shares / enable dcom
bot.secure - delete shares / disable dcom
bot.flushdns - flushes the bots dns cache
bot.quit - quits the bot
bot.longuptime - If uptime > 7 days then bot will respond
bot.sysinfo - displays the system info
bot.status - gives status
bot.rndnick - makes the bot generate a new random nick
bot.removeallbut - removes the bot if id does not match
bot.remove - removes the bot
bot.open - opens a file (whatever)
bot.nick - changes the nickname of the bot
bot.id - displays the id of the current code
bot.execute - makes the bot execute a .exe
bot.dns - resolves ip/hostname by dns
bot.die - terminates the bot
bot.about - displays the info the author wants you to see
shell.disable - Disable shell handler
shell.enable - Enable shell handler
shell.handler - FallBack handler for shell
commands.list - Lists all available commands
plugin.unload - unloads a plugin (not supported yet)
plugin.load - loads a plugin
cvar.saveconfig - saves config to a file
cvar.loadconfig - loads config from a file
cvar.set - sets the content of a cvar
cvar.get - gets the content of a cvar
cvar.list - prints a list of all cvars
inst.svcdel - deletes a service from scm
inst.svcadd - adds a service to scm
inst.asdel - deletes an autostart entry
inst.asadd - adds an autostart entry
logic.ifuptime - exec command if uptime is bigger than specified
mac.login - captures the person in
mac.logout - captures the person out
ftp.update - executes a file from a ftp url
ftp.execute - updates the bot from a ftp url
ftp.download - downloads a file from ftp
http.visit - visits an url with a specified referrer
http.update - executes a file from a http url
http.execute - updates the bot from a http url
http.download - downloads a file from http
rsl.logoff - captures the person off
rsl.shutdown - shuts the computer down
rsl.reboot - reboots the computer
pctrl.kill - kills a process
pctrl.list - lists all processes
scan.stop - signal stop to child threads
scan.start - signal start to child threads
scan.disable - disables a scanner module
scan.enable - enables a scanner module
scan.clearnetranges - clears all netranges registered with the scanner
scan.resetnetranges - resets netranges to the localhost
scan.listnetranges - lists all netranges registered with the scanner
scan.delnetrange - deletes a netrange from the scanner
scan.addnetrange - adds a netrange to the scanner
ddos.phatwonk - starts phatwonk flood
ddos.phaticmp - starts phaticmp flood
ddos.phatsyn - starts phatsyn flood
ddos.stop - stops all floods
ddos.httpflood - starts a HTTP flood
ddos.synflood - starts an SYN flood
ddos.udpflood - starts a UDP flood
redirect.stop - stops all redirects running
redirect.socks - starts a socks4 proxy
redirect.https - starts a https proxy
redirect.http - starts a http proxy
redirect.gre - starts a gre redirect
redirect.tcp - starts a tcp port redirect
harvest.aol - makes the bot get aol stuff
harvest.cdkeys - makes the bot get a list of cdkeys
harvest.emailshttp - makes the bot get a list of emails through http
harvest.emails - makes the bot get a list of emails
waste.server - changes the server the bot connects to
waste.reconnect - reconnects to the server
waste.raw - forwards a raw message to the waste server
waste.quit
waste.privmsg - forwards a privmsg
waste.part - makes the bot part a channel
waste.netinfo - prints netinfo
waste.mode - lets the bot perform a mode change
waste.join - makes the bot join a channel
waste.gethost - prints netinfo when host matches
waste.getedu - prints netinfo when the bot is .edu
waste.action - lets the bot perform an action
waste.disconnect - disconnects the bot from waste
This Backdoor is also known as:
Backdoor.Agobot - named by Kaspersky.
Backdoor.Agobot.cr - named by Kaspersky.
Backdoor.Agobot.gen - named by Kaspersky.
Backdoor.Agobot.ik - named by Kaspersky.
W32.HLLW.Gaobot.gen - named by Symantec.
W32/Gaobot.ET.worm - named by Panda.
W32/Gaobot.FG.worm - named by Panda.
W32/Gaobot.KY.worm - named by Panda.
W32/Gaobot.worm.gen - named by McAfee.
Win32.Agobot.FO - named by Computer Associates.
Win32.Agobot.NO - named by Computer Associates.
Win32/Agobot.3.GG trojan - named by Eset.
Win32/Agobot.3.LO trojan - named by Eset.
Win32/Agobot.IK trojan - named by Eset.
Win32/Agobot.NO!Worm - named by Computer Associates.
Win32/Agobot.Variant!Worm - named by Computer Associates.


Backdoor.Agobot Removal Instructions
Delete these registry entries:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\windows firewalll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\generic service process
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windows firewalll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\wsaconfiguration
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\generic service process
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\windows firewalll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\wsaconfiguration
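
The following PowerShell sketch is an added example, not part of the original page: it checks read-only for the autostart entries listed above and reports each one found together with its data, so the referenced executable can be recorded before the entry is deleted. It assumes the last component of each listed entry is a value name under the Run or RunServices key; the function name Get-AgobotAutostart is hypothetical.

```powershell
# Added example: read-only audit of the autostart entries listed on this page.
# Assumption: the last path component of each entry is a VALUE name under the
# Run / RunServices key, not a subkey. Names are copied from the page as-is.
$entries = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'windows firewalll' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'generic service process' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'windows firewalll' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'wsaconfiguration' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'; Name = 'generic service process' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'; Name = 'windows firewalll' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'; Name = 'wsaconfiguration' }
)

function Get-AgobotAutostart {
    param([hashtable[]]$Entries)
    foreach ($e in $Entries) {
        # A key such as RunServices may not exist on this system; skip it.
        if (-not (Test-Path -LiteralPath $e.Key)) { continue }
        $key = Get-Item -LiteralPath $e.Key
        # GetValueNames() avoids the error Get-ItemProperty raises for a
        # missing value; -contains compares strings case-insensitively,
        # matching how the registry treats value names.
        if ($key.GetValueNames() -contains $e.Name) {
            [pscustomobject]@{
                Key  = $e.Key
                Name = $e.Name
                Data = $key.GetValue($e.Name)   # command line the entry launches
            }
        }
    }
}

$found = @(Get-AgobotAutostart -Entries $entries)
if ($found.Count -eq 0) {
    'None of the listed autostart values are present.'
} else {
    $found | Format-List
    # Once Data has been recorded, a value can be deleted with:
    #   Remove-ItemProperty -LiteralPath <Key> -Name <Name>
}
```

Run it from an elevated prompt so the HKEY_LOCAL_MACHINE keys are readable; the HKEY_CURRENT_USER check covers only the account running the script.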
