Threat Description



Aliases: Backdoor:W32/RBot, Backdoor.Rbot.gen, Backdoor.Win32.Rbot.gen, Backdoor.RBot, Backdoor.Win32.RBot, W32/RBot-A
Category: Malware
Type: Backdoor
Platform: W32


A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.


Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

Manual Disinfection

Manual disinfection for RBot backdoor requires renaming of an infected file, usually located in Windows or Windows System folder and restarting a system.

Please note that the backdoor's file may have read-only, system and hidden attributes, so Windows Explorer has to be configured to show such files. For more information, please see the Backdoor description.

Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:

Technical Details

Backdoor:W32/RBot is a large family of backdoors - remote administration utility program that, once installed on a computer, allows a user access and control it over a network or the Internet. When used maliciously, these programs allow a remote attacker to control the infected computer, usually without the knowledge or consent of the system's main user(s).

A remote attacker may use the backdoor to perform a variety of actions, such as stealing data, executing commands on the affected machine or accessing other machines on a local network.


F-Secure Anti-Virus (FSAV) detects many RBot backdoor variants generically as 'Backdoor.RBot.gen'. Some of them are detected exactly. At the moment of the creation of this description FSAV detected Backdoor.RBot.A - Backdoor.RBot.BM variants exactly.


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More