Published Jan 25, 2005 | Updated Sep 15, 2017

Worm:Win32/Korgo.AB

Detected by Microsoft Defender Antivirus

Aliases: W32/Korgo.worm.ad (McAfee)

Summary

Win32/Korgo.AB.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have the security update described in Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.
To manually recover from infection by Win32/Korgo.AB.worm, perform the following steps:
  1. Stop the computer from restarting.
  2. Disconnect from the Internet.
  3. Restart your computer.
  4. Take steps to prevent re-infection.

Stop the computer from restarting

First, prevent the computer from spontaneously rebooting by disabling system shutdown.
To disable system shutdown
  1. Click Start, and then click Run.
  2. In the Open field, type shutdown -a
  3. Press Enter.

Disconnect from the Internet

To help ensure that your computer is not actively infecting other computers, disconnect it from the Internet before proceeding. Print this Web page or save a copy on your computer; then unplug your network cable and disable your wireless connection. You can reconnect to the Internet after completing these steps.

Restart your computer

To restart your computer
  1. On the Start menu, click Shut Down.
  2. Select Restart from the drop-down list and click OK.

Take steps to prevent re-infection

Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.