Zotob is a mass-mailing worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability. It performs such actions as disabling the Windows Firewall, steals system information, transfers files via FTP, lowers security settings, and gathers e-mail addresses from the Windows Address Book.
You do not necissarily have to get this virus from an e-mail. The worm
sets itself up as a service and runs on it's own.
If you are running Windows 2000, one of the symptoms of the Zotob worm is that your computer will constantly reboot.
It also uses its own SMTP engine to send itself to the email addresses that it finds. The e-mail may have one of the following subjects:
- *DETECTED* Online User Violation
- Important notification
- Security Measures
- WARNING: Your Services Near to be Closed
- You have successfully updated your password
- Your Account is Suspended
- Your Account is suspended for Security Reasons
- Your Password has been updated
There is an available fix to remove this worm if you are infected. Click here to download the fix. Unzip the FixZotob.exe to your desktop and double click it to run. You may want to run it in Safe Mode for a better chance of success.
Also be sure to get the latest Windows patch for your operating system to prevent infection and close the security hole.
Related Tips:
McAfee Free Online Virus Scan
Symantec DeepSight Alert Service
Microsoft PC Safety Scan
Kaspersky Virus Removal Tools
Back to the Virus Information Index
