A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.
Manual disinfection for RBot backdoor requires renaming of an infected file, usually located in Windows or Windows System folder and restarting a system.
Please note that the backdoor's file may have read-only, system and hidden attributes, so Windows Explorer has to be configured to show such files. For more information, please see the Backdoor description.
For general instructions on disinfecting a local network infection, please see Eliminating A Local Network Outbreak.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Backdoor:W32/RBot is a large family of backdoors - remote administration utility program that, once installed on a computer, allows a user access and control it over a network or the Internet. When used maliciously, these programs allow a remote attacker to control the infected computer, usually without the knowledge or consent of the system's main user(s).
A remote attacker may use the backdoor to perform a variety of actions, such as stealing data, executing commands on the affected machine or accessing other machines on a local network.