Name of virus: W32.Korgo worm
Type of virus: Worm
Systems Affected: Windows 2000/XP
What does it do?
The W32.Korgo.X variant is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability on TCP port 445. This self-executing worm spreads by exploiting this Microsoft Windows vulnerability: MS04-011 (CAN-2003-0533) http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
The worm spreads with a random filename and acts as a remote access server to allow an attacker to control the compromised system. This variant also attempts to download and execute a file from a remote Website.
Removal Instructions:
1. You need to download the latest Stinger utility from our public domain on \\nas2\publicsw. Stinger is a stand-alone utility used to detect and remove specific viruses. The current Stinger utility, version 2.3.0.0, which was built on 5 July 2004, should be able to remove W32.Korgo variants. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.
2. Click here for instructions on Running Stinger.
For our Centre users, you can contact your IT personnel for assistance. If you have any difficulties, please contact our Helpdesk on Ext 2117.