It connects to several IRC servers in order to receive remote control commands. It deletes several adware, spyware programs and previous variants of itself. It spreads across the Internet by exploiting the Plug and Play vulnerability.

Windows 2003/XP/2000/NT/ME/98

Zotob.D is a worm that connects to several IRC servers in order to receive remote control commands to be carried out on the affected computer.

Additionally, it searches for adware and spyware programs, as well as previous variants of itself, and it deletes the files and entries of the Windows Registry related to them.

Zotob.D spreads across the Internet, by exploiting the Plug and Play vulnerability.

If you have a Windows 2003/XP/2000 computer, it is highly recommendable to download the security patch for the Plug and Play vulnerability from the Microsoft website.

Click on the picture below to see a full-size diagram of the characteristics of Zotob.D and how to protect your computer against them.

Zotob.D is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.