
BOTZOR.EXE
PROCESS INFORMATION
Process Name : Botzor.exe
Process Path : %SYSTEM%\botzor.exe [ C:\Windows\System32\botzor.exe ]
Process type : Internet Worm
Malware Name : W32.Zotob.A
Alias : W32/Zotob.Worm, Net-Worm.Win32.Mytob.CD, WORM_ZOTOB.A, I-Worm/Zotob
Threat level : Low
Process Details :
Botzor.exe is the main component dropped by the Zotob worm. It is a network worm that exploits the LSASS and Microsoft Windows Plug and Play (PnP) service vulnerabilities present in Windows, as explained in Microsoft Security Bulletins MS04-011 and MS05-039.
When the worm file is executed, it copies itself to the Windows System folder as botzor.exe in the background.
Zotob modifies the registry Run section so that it loads automatically on the next startup. The registry modifications are given below.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"WINDOWS SYSTEM" = "botzor.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
"WINDOWS SYSTEM" = "botzor.exe"
The Zotob worm generates random IP addresses and tries to infect vulnerable computers at those addresses. The worm also modifies the hosts file to block antivirus sites. The Zotob worm appeared on 14th August 2005.
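A check for the two autorun values listed above, as an added example that is not part of the original page: it parses text in the layout printed by `reg query` and reports entries in the HKLM Run and RunServices keys whose value name and file name match. The function name and the sample output are constructed for illustration.

```python
import re

# Indicators from the write-up above: HKLM autorun keys, value name, image name.
RUN_SUBKEYS = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runservices",
}
VALUE_NAME = "windows system"
IMAGE_NAME = "botzor.exe"

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

def find_zotob_autoruns(reg_query_output):
    """Return (key, value_name, data) tuples that match the page's indicators."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if not line.startswith(" "):
            key = line.strip()                # key path; a blank line resets it to ""
            continue
        m = VALUE_LINE.match(line)
        if m is None or not key:
            continue
        hive, _, subkey = key.partition("\\")
        if (hive.upper() not in ("HKLM", "HKEY_LOCAL_MACHINE")
                or subkey.lower() not in RUN_SUBKEYS):
            continue
        data = m.group("data").strip()
        # Compare only the file name so a full or quoted path still matches.
        image = data.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if m.group("name").strip().lower() == VALUE_NAME and image == IMAGE_NAME:
            hits.append((key, m.group("name").strip(), data))
    return hits

# Constructed sample of `reg query` output for three keys (not real host data).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /quiet
    WINDOWS SYSTEM    REG_SZ    botzor.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    WINDOWS SYSTEM    REG_SZ    C:\Windows\System32\botzor.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Notes    REG_SZ    notes.exe
"""

if __name__ == "__main__":
    for key, name, data in find_zotob_autoruns(SAMPLE):
        print(f"match: {key} -> {name!r} = {data!r}")
```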
Microsoft has released patches for the MS04-011 and MS05-039 vulnerabilities. They can be downloaded from the following links:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx
How can I protect my system?
Solo has incorporated botzor.exe in its signature file to protect users from this worm attack. Make sure that you have installed a registered version of Solo Antivirus to protect your system from all virus threats.
How to remove this worm?
Solo antivirus can detect and remove the botzor.exe process safely.
Use the following link to download the 30-day trial version of Solo antivirus to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors, and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VB and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.
You can purchase Solo antivirus using the link