| Port No | 61440 |
| Service Name | Gaobot |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This worm exploits certain vulnerabilities to propagate. It takes advantage of the following Windows vulnerabilities:
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability IIS5/WEBDAV Buffer Overflow vulnerability RPC Locator Vulnerability |
| Reference Link | Worm/Agobot.11.BE |
| Attack | Solution Removing Autostart Entries from the Registry Removing autostart entries from the registry prevents the malware from executing during startup. br>To remove the malware autostart entries: Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>Run In the right panel, locate and delete the entry: Windows Communicator=”wincom.exe” In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows> CurrentVersion>RunServices In the right panel, locate and delete the entry or entries: Windows Communicator=”wincom.exe” Close Registry Editor. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.