Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
For general instructions on disinfecting a local network infection, please see Eliminating A Local Network Outbreak.
Caution: Manual disinfection is a risky process; it is recommended only for advanced users.
Manual disinfection for Agobot backdoor requires renaming of an infected file, usually located in Windows or Windows System folder and restarting a system. Please note that the backdoor's file may have read-only, system and hidden attributes, so Windows Explorer has to be configured to show such files.
Agobot is an IRC-controlled backdoor with network spreading capabilities.
When spreading it can exploit several vulnerabilities:
RPC/DCOM and RPC/Locator is used when the worm tries to spread automatically.
Other spreading methods like the WebDAV exploit can be activated through IRC commands.