The security response team at Symantec said it had increased the threat level warning on W32.Korgo.F worm from a level two to a level three. However, according to Symantec the threat is still categorised as "well-contained".
Symantec announced the presence of the W32.Korgo.F worm in April of this year, which they say attempts to circulate itself using a Microsoft Windows vulnerability.
According to Symantec, computers using un-patched Windows 2000 and Windows XP operating systems are susceptible to the worm's attack, which opens a back door to the Microsoft system through TCP ports 113 and 3067.
Senior director of Symantec Security Response, Alfred Huger, said the worm is another example of why users need to be diligent in using security patches.
"This backdoor functionality could result in a loss of confidential data and may also compromise security settings," said Huger.
The Symantec Security Response team advises computer uses to apply the Microsoft LSASS Buffer Overrun Vulnerability patch as soon as possible.
I (NAV) discovered this worm on my computer at the beginning of July. I immediately downloaded the Korgo Removal tool from Symantec which could not find the worm and I couldn't do anyhing (delete, rename etc) the one file that was found by NAV. At the time I didn't have the time nor resources to undertake any further action. Now if I try to run an AV programme (inlcuding NAV), or regedit, or command or taskman) they 'flick' open then immmediately close again. My computer wasn't supplied with an OS disk on purchase so I can't reload the OS in a temp directory to run a virus scan and I can't get into regedit to attempt to fix the problems. From my end this appears to be a fairly significant infection, despite Symnatec's reassurances. (And, yes I have downloaded the MS patch).
Any ideas on what I can try next? I have spoken to a number of service people regarding the problem and they all keep mentioning the word 'format'. If this is really the only solution I probably don't need to pay them the $200 to have it done. My other problem is that the NAV software was not supplied separately with the computer on purchase either.....