Remove the W32.Codbot WORM
June 27th, 2005 5:24 am
W32.Codbot is a worm that has been popping up throughout the net. It exploits the SQL Sever LSASS and RPC-DCOM process.
W32.Codbot.AL masquerades as a system process which allows it to be run
when the system boots up. Once running it connects to Internet Relay
Chat (IRC) where it can take command to control you sytem.
Instructions to remove W32.Codbot.htm:
http://elamb.blogharbor.com/hacked/codbot.htm