You're in: Panda Security > Home Users > security-info > overview
Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Zotob.D
Technical name:W32/Zotob.D.worm
Threat level:Medium

It connects to several IRC servers in order to receive remote control commands. It deletes several adware, spyware programs and previous variants of itself. It spreads across the Internet by exploiting the Plug and Play vulnerability.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98

First detected on:Aug. 16, 2005
Detection updated on:March 6, 2006
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover

Brief Description 


Zotob.D is a worm that connects to several IRC servers in order to receive remote control commands to be carried out on the affected computer.

Additionally, it searches for adware and spyware programs, as well as previous variants of itself, and it deletes the files and entries of the Windows Registry related to them.

Zotob.D spreads across the Internet, by exploiting the Plug and Play vulnerability.


If you have a Windows 2003/XP/2000 computer, it is highly recommendable to download the security patch for the Plug and Play vulnerability from the Microsoft website.


Click on the picture below to see a full-size diagram of the characteristics of Zotob.D and how to protect your computer against them.

Click on the picture to view a full-size diagram

Visible Symptoms 


Zotob.D is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.