Threat Description



Aliases: Worm:​W32/Korgo, Worm:​W32/Korgo
Category: Malware
Type: Worm
Platform: W32


A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.


Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Technical Details

Worm:W32/Korgo (aka Padobot) is a family of network worms written by the Russian Hangup Team virus group. It spreads throughout the Internet using a vulnerability in Microsoft Windows LSASS.

A description of the vulnerability can be found in Microsoft Security Bulletin MS04-011.


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More