A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.
Disinfection & Removal
Allow F-Secure Anti-Virus to disinfect the relevant files.
Manual disinfection for RBot backdoor requires renaming of an infected file, usually located in Windows or Windows System folder and restarting a system.
Please note that the backdoor's file may have read-only, system and hidden attributes, so Windows Explorer has to be configured to show such files. For more information, please see the Backdoor description.
Eliminating a Local Network Outbreak
If the infection is in a local network, please follow the instructions on this webpage:
Backdoor:W32/RBot is a large family of backdoors - remote administration utility program that, once installed on a computer, allows a user access and control it over a network or the Internet. When used maliciously, these programs allow a remote attacker to control the infected computer, usually without the knowledge or consent of the system's main user(s).
A remote attacker may use the backdoor to perform a variety of actions, such as stealing data, executing commands on the affected machine or accessing other machines on a local network.
F-Secure Anti-Virus (FSAV) detects many RBot backdoor variants generically as 'Backdoor.RBot.gen'. Some of them are detected exactly. At the moment of the creation of this description FSAV detected Backdoor.RBot.A - Backdoor.RBot.BM variants exactly.