Know Your Malware: Loxbot.d Removal

Loxbot.d is a dangerous Internet worm, which uses AOL Instant Messenger to spread through messages containing malicious links that silently download and install the parasite. Once executed, Loxbot.d runs its payload and spreading routine. The worm disables the Windows Firewall, Security Center and several other Windows essential components. It drops a rootkit that allows the remote intruder to break into the infected system. Loxbot.d also runs a backdoor controlled through the IRC network. This backdoor gives the attacker remote unauthorized access to the compromised computer. It allows to download and execute arbitrary files, update the worm and perform other less dangerous actions. Loxbot.d automatically runs on every Windows startup.

Related files: lockbar.exe, msdirectx.sys, xz.bat

Loxbot.d properties:
Allows remote user connection
Connects itself to the internet
Hides from the user
Stays resident in background Remove Loxbot.d, removal instructions

Linked by shanmuga Saturday, 7th January 2006 9:27PM