VanBot.BR is a family of IRC bot-based backdoors that can be commanded to copy itself to remote computers with the help of known exploits.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
VanBot.BR is a family of IRC bot-based backdoors that can be commanded to copy itself to remote computers with the help of known exploits. When it arrives on an infected computer it copies itself to the Windows System folder with the name of runapidll.exe and creates several startup strings in the Registry:
It creates the following mutex while running and active in memory:
Once active, the backdoor connects to IRC servers and joins a particular IRC channel to listen for remote commands from the attacker.As common with IRC-based bots, VanBot.BR can do any of the following: