1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Backdoor:W32/RBot

Backdoor:W32/RBot

ALIAS:Backdoor.Rbot.gen, Backdoor.Win32.Rbot.gen, Backdoor.RBot, Backdoor.Win32.RBot, W32/RBot-A
Category:Malware
Type:Backdoor
Platform:W32

Summary

A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.

Disinfection


Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.


Manual Disinfection

Manual disinfection for RBot backdoor requires renaming of an infected file, usually located in Windows or Windows System folder and restarting a system.

Please note that the backdoor's file may have read-only, system and hidden attributes, so Windows Explorer has to be configured to show such files. For more information, please see the Backdoor description.


Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:

Additional Details

Backdoor:W32/RBot is a large family of backdoors - remote administration utility program that, once installed on a computer, allows a user access and control it over a network or the Internet. When used maliciously, these programs allow a remote attacker to control the infected computer, usually without the knowledge or consent of the system's main user(s).

A remote attacker may use the backdoor to perform a variety of actions, such as stealing data, executing commands on the affected machine or accessing other machines on a local network.


Detection

F-Secure Anti-Virus (FSAV) detects many RBot backdoor variants generically as 'Backdoor.RBot.gen'. Some of them are detected exactly. At the moment of the creation of this description FSAV detected Backdoor.RBot.A - Backdoor.RBot.BM variants exactly.