The Agobot.VS variant was found on October 27th, 2004. We
received several reports about it from the field. This backdoor
is functionality similar to previous Agobot variants.
Disinfection
The most important step of disinfection is the installation of
security patches for the vulnerabilities exploited by Agobot.
Detailed information and patches are available from the following
pages:
Manual disinfection of this Agobot variant requires killing the
backdoor's process in memory and deletion of the infected file
from Windows System folder. The file name is 'winl0g0n.exe'.
There are zeroes instead of 'o' letters in the file name: do not
confuse this file with a Windows component named 'winlogon.exe'!
If the infection is in a local network, please follow the
instructions on this webpage: