Discovered on: June 02, 2004
Description: W32.Korgo.G is a minor variant of
W32.Korgo.C. It is a worm that attempts to propagate by exploiting the
Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP
port 445. It also listens on TCP ports 113, 3067, and other random ports.
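A triage check for the network behaviour described above, added here as an example (it is not part of the original advisory or any vendor tool): it parses Windows `netstat -an` output and reports listeners on TCP 113 and 3067, whether TCP 445 is exposed, and outbound connections to port 445. The function name, report keys and sample output are assumptions constructed for illustration.

```python
import re

# Ports named in the description: the worm's fixed listeners (113, 3067).
# 445 is the port it attacks, so a 445 listener means exposure, not infection.
KORGO_LISTEN_PORTS = {113, 3067}
LSASS_EXPOSURE_PORT = 445

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1113         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.31:445       SYN_SENT
  TCP    192.168.1.20:1046      192.168.1.32:445       SYN_SENT
  TCP    192.168.1.20:1047      192.168.1.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# One TCP row: local addr:port, remote addr:port, connection state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def triage(netstat_text):
    """Return worm-port listeners, 445 exposure, and outbound 445 targets."""
    report = {"korgo_listeners": [], "port_445_listening": False,
              "outbound_445": []}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows and blank lines
        _, local_port, remote_ip, remote_port, state = m.groups()
        local_port, remote_port = int(local_port), int(remote_port)
        if state == "LISTENING":
            if local_port in KORGO_LISTEN_PORTS:
                report["korgo_listeners"].append(local_port)
            elif local_port == LSASS_EXPOSURE_PORT:
                report["port_445_listening"] = True
        elif remote_port == LSASS_EXPOSURE_PORT:
            # Many distinct hosts on 445 is consistent with propagation attempts.
            report["outbound_445"].append(remote_ip)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT))
```

A listener on 113 or 3067 is a lead to confirm with a full scan, since other software can legitimately use those ports; the random ports mentioned above cannot be matched by number.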
Removal Instructions For Symantec & Norton Users:
- Disable System Restore (Windows Me/XP).
- Update the virus definitions.
- Reverse the changes that were made to the registry and restart the
computer.
- Run a full system scan and delete all the files detected as
W32.Korgo.G.
Removal Instructions For McAfee Users:
Windows Me
1. Right-click the My Computer icon on the Desktop and click on
Properties.
2. Click on the Performance tab.
3. Click on the File System button.
4. Click on the Troubleshooting tab.
5. Put a check mark next to 'Disable System Restore'.
6. Click the 'OK' button.
7. You will be prompted to restart the computer. Click Yes.
Windows XP
1. Right-click the My Computer icon on the Desktop and click on
Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.