
ZOTOB WORM SPREADS IN THE WILD
Virus Name : W32.Zotob.A
Alias : W32/Zotob.Worm, Net-Worm.Win32.Mytob.CD, WORM_ZOTOB.A, I-Worm/Zotob
Virus type : Internet worm
Threat level : Medium
Virus details :
Zotob is a network worm that exploits the LSASS and Microsoft Windows Plug and Play Service (PNP) vulnerabilities present in Windows, as explained in Microsoft Security Bulletins MS04-011 and MS05-039.

When the worm file is executed, it copies itself to the Windows System folder as Botzop.exe in the background. Zotob modifies the registry Run section so that it loads automatically on the next startup. The registry modification is given below.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"WINDOWS SYSTEM" = "botzor.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
"WINDOWS SYSTEM" = "botzor.exe"
The Zotob worm generates random IP addresses and tries to infect vulnerable computers at those addresses. The worm also modifies the hosts file to block antivirus sites. The Zotob worm appeared on 14th August 2005.
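A triage check for the two indicators described above, written as an added example and not part of the original advisory or of Solo's product. It assumes the registry text has the layout printed by `reg query`; the function names, the watched domain names and the sample inputs are constructed for illustration, since the advisory does not list the blocked sites.

```python
import re

# Indicators stated in the advisory: one value name and file under two HKLM keys.
RUN_BASE = r"hklm\software\microsoft\windows\currentversion"
RUN_KEYS = {RUN_BASE + r"\run", RUN_BASE + r"\runservices"}
VALUE_NAME, VALUE_FILE = "windows system", "botzor.exe"
# Assumption: placeholder domains; the advisory does not list the blocked sites.
WATCHED_HOSTS = {"www.av-vendor.example", "update.av-vendor.example"}
LOCAL_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")

def find_run_key_hits(reg_text):
    """Scan `reg query` style text; return (key, name, data) for matching values."""
    hits, key = [], None
    for line in reg_text.splitlines():
        if line and not line[0].isspace():  # unindented line = registry key path
            key = line.strip().lower().replace("hkey_local_machine", "hklm")
            continue
        m = VALUE_RE.match(line)
        if m and key in RUN_KEYS:
            name, data = m.group(1), m.group(3).strip().strip('"')
            if name.lower() == VALUE_NAME and data.lower().split("\\")[-1] == VALUE_FILE:
                hits.append((key, name, data))
    return hits

def find_hosts_hits(hosts_text, watched=WATCHED_HOSTS):
    """Return (address, hostname) for watched hostnames pinned to a local address."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] in LOCAL_ADDRS:
            hits += [(fields[0], h.lower()) for h in fields[1:] if h.lower() in watched]
    return hits

# Constructed sample inputs (not captured from a real host).
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    WINDOWS SYSTEM    REG_SZ    botzor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    WINDOWS SYSTEM    REG_SZ    "botzor.exe"
"""
SAMPLE_HOSTS = """127.0.0.1 localhost
127.0.0.1 www.av-vendor.example  # constructed entry
192.0.2.10 intranet.example
"""

if __name__ == "__main__":
    print(find_run_key_hits(SAMPLE_REG))
    print(find_hosts_hits(SAMPLE_HOSTS))
```

A hit from either function is a reason to examine the host further, not proof of infection on its own.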
Microsoft has released patches for the MS04-011 and MS05-039 vulnerabilities. They can be downloaded from the following links:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx
How can I protect my system?
Solo has incorporated W32.Zotob.A in its signature file to protect users from this worm attack. Make sure that you have installed a registered version of Solo Antivirus to protect your system from all virus threats.
How to remove this worm?
Solo antivirus can detect and remove W32.Zotob.A and its variants safely. Use the following link to download a 30-day trial version of Solo antivirus to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VB and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.
You can purchase Solo antivirus using the link
