Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Gaobot.LTL
Technical name:W32/Gaobot.LTL.worm
Threat level:Low

It connects to IRC servers in order to receive remote control commands and prevents users from accessing websites belonging to several computer security companies. It exploits the vulnerabilities LSASS and RPC DCOM, among others, in order to spread to as many computers as possible, among other means of transmission.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Jan. 3, 2006
Detection updated on:Jan. 5, 2006
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 


Gaobot.LTL is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to obtain computer passwords, launch DoS (Denial of Service) attacks, scan IP addresses, etc.

This worm also prevents the user from accessing websites belonging to computer security companies. This way, among other consequences, the antivirus programs belonging to such companies could not be updated, which would leave the affected computer vulnerable to the attack of other malware.

Gaobot.LTL uses several different means to spread:

  • Across the Internet by exploiting the vulnerabilities LSASS, RPC DCOM, WebDAV and UPnP.
  • Across networks.
  • Through several peer-to-peer (P2P) file sharing programs.
  • Via AOL Instant Messenger (AIM) and IRC.
  • Via email.


It is highly recommendable to download the security patches for the vulnerabilities LSASS, RPC DCOM, WebDAV and UPnP from the Microsoft website.

Visible Symptoms 


Gaobot.LTL is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.