Wootbot represents the growing family of backdoors - hacker's
remote access tools. These tools allow to contol victims'
computers remotely by sending specific commands to them. Also
these backdoors can steal data and spread to computers vulnerable
to exploits. In addition Wootbot is capable of working as a proxy
and can use strong encryption of its connections.
Disinfection
F-Secure provides the special disinfection utility to eliminate
WootBot backdoor infection. You can download this utility from
our ftp site:
F-Secure Anti-Virus starting from version 5.40 can disinfect a
computer infected with Wootbot automatically by renaming the
backdoor's file. A computer has to be restarted to complete
disinfection.
Manual disinfection for Wootbot backdoor requires renaming of an
infected file, usually located in Windows or Windows System
folder and restarting a system. Please note that the backdoor's
file may have read-only, system and hidden attributes, so Windows
Explorer has to be configured to show such files.
If the infection is in a local network, please follow the
instructions on this webpage:
F-Secure Anti-Virus detects many Wootbot backdoor variants
generically as 'Backdoor.Win32.Wootbot.gen'. Some of them are
detected exactly. At the moment of the creation of this
description FSAV detected Backdoor.Win32.Wootbot.a -
Backdoor.Win32 Wootbot.g variants exactly.