System Startup list



dobbo777
2006-08-31, 17:23
Hi everyone, in my system startup list I have a blank entry that just reads HK_CU:run. The entry is 'checked'. When I click on the entry the info that appears on the right is Filename- System32.exe. Description- Added by the Abogot - ku worm! Note has a blank entry under the startup item/name field. Source Paul Collins startup list.
My Avast anti virus scans find nothing, nor did Symantec's online free scan or SS&D. My computer is running fine. If anyone else has had this problem, or can advise, I would be very grateful. Could it be a mistake? My computer skills are VERY basic. Cheers.

md usa spybot fan
2006-08-31, 18:10
dobbo777:

I assume that the description was for AGOBOT-KU WORM! as opposed to "Abogot - ku worm!".

It may help someone determine why that description is coming up on that entry if you show the actual startup entry.

You can show the actual startup entry and related information by going into Spybot > Mode > Advanced Mode > Tools > System startup and right clicking on the list, then selecting either "Export" or "Copy to clipboard". If you "Export" the information to a file, double clicking on the file should open it with Notepad. If you "Copy to clipboard", you can paste that into another post in this thread. In either case edit the listing so that only the entry in question is posted.

dobbo777
2006-08-31, 19:01
Dear md usa spybot fan, my sincerest apologies, I did mean Agobot -ku worm. I tried to copy the entry, but it would not copy the info about filename/description/value. The only part I could copy was
Located: HK_CU:Run, (DISABLED)
command:
file:
Once again sorry for my lack of skills. However I did manage to find a previous Spybot thread from Google about the very same problem, which seems to suggest it might be a false positive; wish I had found it earlier. Cheers

md usa spybot fan
2006-08-31, 22:05
The descriptions for System startup entries appear to come from this file:
C:\Program Files\Spybot - Search & Destroy\Includes\Startup.tnfo
The first entry in that file is:

[]
Confirmed=X
Filename=system32.exe
Description=Added by the <a href="http://www.sophos.com/virusinfo/analyses/w32agobotku.html" target=_blank>AGOBOT-KU</a> WORM! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list
It appears that the name of the startup entry is compared with the value between the braces ([…]) on the first line of the entry. The first entry in the file above does not have any value between the braces. Since the startup entry that you had did not have a name, I believe that this is why it matched the description of the first entry in the file. Also note that the description itself indicates "Note - has a blank entry under the Startup Item/Name field".

Since your entire entry was blank and was not starting system32.exe, I do not believe that you have the AGOBOT-KU - WORM!, but that the description was displayed because of the blank name of the entry you have.

I don't really think that you can consider it a "false positive" per se, but rather a limitation because startup entry descriptions are provided based on the name of the startup entry.
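
The name-only matching inferred in the post above, next to a stricter lookup that also compares the entry's command with the Filename field, as an added example that is not part of any post in this thread and is not Spybot's code. The function names, the second sample section and the simplified Description text are assumptions made for illustration.

```python
import ntpath

# Constructed sample in the layout the post quotes from Startup.tnfo.
# The [ExampleUpdater] section is invented for contrast, not from the real file.
SAMPLE_TNFO = """\
[]
Confirmed=X
Filename=system32.exe
Description=Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field
Source=Paul Collins Startup list
[ExampleUpdater]
Confirmed=Y
Filename=exupd.exe
Description=Constructed benign entry
Source=constructed
"""

def parse_tnfo(text):
    """Map each [name] header (possibly empty) to its key=value fields."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def executable_of(command):
    """Lower-cased file name of a startup command ('' if the command is blank)."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:  # simplification: unquoted paths are cut at the first space
        path = command.split(None, 1)[0] if command else ""
    return ntpath.basename(path).lower()

def describe_by_name(sections, entry_name):
    """Name-only lookup, the behaviour the post infers: a blank name matches []."""
    hit = sections.get(entry_name.strip().lower())
    return hit["description"] if hit else None

def describe_checked(sections, entry_name, command):
    """Return the description only if the command really runs the listed Filename."""
    hit = sections.get(entry_name.strip().lower())
    if not hit or executable_of(command) != hit.get("filename", "").lower():
        return None
    return hit["description"]
```

With the blank, disabled entry from this thread (empty name, empty command), `describe_by_name` returns the AGOBOT-KU text while `describe_checked` returns nothing.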

dobbo777
2006-08-31, 22:24
Thanks very much for your prompt replies, you have put my mind at rest. It is great to know people are keen to help others. Thank you, take care.