RBot is a large family of backdoors (hackers' remote access
tools). These tools allow an attacker to control victims'
computers remotely by sending specific commands via IRC
channels. These backdoors can also steal data and spread to the
local network and to computers vulnerable to exploits.
Disinfection
F-Secure provides a special disinfection utility to eliminate
RBot backdoor infections. You can download this utility from our
FTP site:
F-Secure Anti-Virus starting from version 5.40 can disinfect a
computer infected with RBot automatically by renaming the
backdoor's file. A computer has to be restarted to complete
disinfection.
Manual disinfection of the RBot backdoor requires renaming the
infected file, usually located in the Windows or Windows System
folder, and restarting the system. Please note that the
backdoor's file may have read-only, system and hidden attributes,
so Windows Explorer has to be configured to show such files.
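The manual steps above, as an added PowerShell example (not from
F-Secure; the function names and the '.quarantined' suffix are
assumptions). It lists executables in the Windows and Windows
System folders that carry both the hidden and system attributes,
then renames one file that the operator has confirmed.

```powershell
# Added example. Function names and the rename suffix are assumptions.

function Find-HiddenSystemExecutables {
    param(
        # Windows folder and Windows System folder, as named in the description.
        [string[]]$Path = @($env:windir, [Environment]::SystemDirectory)
    )
    [IO.FileAttributes]$mask = 'Hidden, System'
    foreach ($dir in $Path) {
        # -Force returns hidden and system files that Explorer hides by default.
        Get-ChildItem -LiteralPath $dir -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
            Where-Object { ($_.Attributes -band $mask) -eq $mask } |
            ForEach-Object {
                [pscustomobject]@{
                    FullName   = $_.FullName
                    Attributes = $_.Attributes      # shows ReadOnly too, if set
                    Created    = $_.CreationTime
                    Signature  = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                    SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

function Rename-ConfirmedFile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$LiteralPath
    )
    # -Force is needed to open a hidden or system file by path.
    $item = Get-Item -LiteralPath $LiteralPath -Force
    if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear attributes and rename')) {
        # Read-only, system and hidden flags must be cleared before renaming.
        $item.Attributes = [IO.FileAttributes]::Normal
        Rename-Item -LiteralPath $item.FullName -NewName ($item.Name + '.quarantined')
    }
}

# 1. Review the candidates; a hit is only a lead, not a verdict.
Find-HiddenSystemExecutables | Format-List

# 2. After confirming a file with the scanner, preview the rename with -WhatIf,
#    run it again without -WhatIf, then restart the computer.
# Rename-ConfirmedFile -LiteralPath '<path to confirmed file>' -WhatIf
```

Run from an elevated prompt. The renamed file keeps its contents,
so it can still be submitted for analysis after the restart.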
If the infection is in a local network, please follow the
instructions on this webpage:
F-Secure Anti-Virus detects many RBot backdoor variants
generically as 'Backdoor.RBot.gen'. Some of them are detected
exactly. At the time this description was created, FSAV detected
the variants Backdoor.RBot.A - Backdoor.RBot.BM exactly.