Skip to main content
Microsoft Security Intelligence
Published Aug 17, 2005 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: W32/Zotob.worm (McAfee) W32/Zotob.worm.gen (McAfee) W32.Zotob (Symantec) W32/Bozor.A.worm (Panda) WORM_MYTOB.JS (Trend Micro) W32/Zotob-A (Sophos) Zotob.A (F-secure) Win32/Zotob.A!Worm (CA) (Kaspersky)


Windows Defender Antivirus detects and removes this threat.
Win32/Zotob is a network worm that primarily targets Microsoft Windows 2000 computers that do not have Microsoft Security Bulletin MS05-039 installed. MS05-039 patches the Windows Plug-and-Play buffer overflow vulnerability.
Win32/Zotob can also infect computers running other Windows operating systems if it is delivered through email, instant messaging, or other routes. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us