Backdoor:W32/RBot

Alias: Backdoor.Rbot.gen, Backdoor.Win32.Rbot.gen, Backdoor.RBot, Backdoor.Win32.RBot, W32/RBot-A
Category: Malware
Type: Backdoor
Platform: W32

Summary

A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.

Disinfection

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.


Special Disinfection Tools

F-Secure provides a special disinfection utility to eliminate an RBot backdoor infection. You can download this utility from the following site:

The unpacked version is available here:

Disinfection instructions can be found here:


Manual Disinfection

Manual disinfection of an RBot backdoor requires renaming the infected file, which is usually located in the Windows or Windows System folder, and then restarting the system.

Please note that the backdoor's file may have the read-only, system and hidden attributes set, so Windows Explorer has to be configured to show such files. For more information, please see the Backdoor description.
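
The manual steps above can also be carried out from an elevated PowerShell prompt, which lists hidden and system files without reconfiguring Windows Explorer. The following is an added example, not an F-Secure tool: the function name `Find-HiddenExecutable`, the extension filter and the `.quarantine` suffix are assumptions made for illustration, and the file to rename is a placeholder to be taken from the scanner's report.

```powershell
# Added example: list executable files in the Windows and Windows System
# folders that carry the hidden or system attribute, so they can be reviewed.
function Find-HiddenExecutable {
    param(
        [string[]]$Folder    = @($env:windir, [Environment]::SystemDirectory),
        [string[]]$Extension = @('.exe', '.scr', '.com', '.pif')   # assumed filter
    )
    # Bit mask for the attributes that keep a file out of Explorer's default view.
    $hideMask = [int][IO.FileAttributes]'Hidden, System'
    foreach ($dir in $Folder) {
        # -Force makes Get-ChildItem return hidden and system files as well.
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $Extension -contains $_.Extension.ToLower() -and
                ([int]$_.Attributes -band $hideMask) -ne 0
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Path       = $_.FullName
                    Attributes = $_.Attributes      # shows ReadOnly, Hidden, System
                    Created    = $_.CreationTime
                    Size       = $_.Length
                    # An unsigned file here is a lead for review, not proof of infection.
                    Signature  = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                }
            }
    }
}

Find-HiddenExecutable | Sort-Object Created -Descending | Format-Table -AutoSize

# Rename step from the instructions above. The path is a placeholder: use the
# file that the anti-virus scan reported, then restart the system.
# -Force lets Rename-Item act on hidden and read-only files.
# $suspect = 'C:\Windows\System32\<file-reported-by-scanner>'
# Rename-Item -LiteralPath $suspect -NewName ((Split-Path $suspect -Leaf) + '.quarantine') -Force
# Restart-Computer
```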


Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:

Additional Details

Backdoor:W32/RBot is a large family of backdoors: remote administration utility programs that, once installed on a computer, allow a user to access and control it over a network or the Internet. When used maliciously, these programs allow a remote attacker to control the infected computer, usually without the knowledge or consent of the system's main user(s).

A remote attacker may use the backdoor to perform a variety of actions, such as stealing data, executing commands on the affected machine or accessing other machines on a local network.


Detection

F-Secure Anti-Virus (FSAV) detects many RBot backdoor variants generically as 'Backdoor.RBot.gen'. Some of them are detected exactly. At the time this description was created, FSAV detected the variants Backdoor.RBot.A through Backdoor.RBot.BM exactly.