Backdoor.Win32.Rbot.bnb

tag:Backdoors

The code injected in the svchost.exe process can be managed via IRC, and will:

provide a remote malicious user with full access to files on the user
1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
2. Use Task Manager to terminate all infected svchost.exe processes
3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan provides a remote malicious user with access to the victim machine. It is managed via IRC. It is a Windows PE EXE file. The file is 40,717 bytes in size. It is packed using FSG. The unpacked file is approximately 120KB in size.
Installation
When installing, the backdoor launches an svchost.exe process, pauses it, injects code taken from the Trojan’s executable file into the process's address space, and passes control to the process. The backdoor then ceases running.
Payload

previous:Backdoor.Win32.Rbot.gen
previous:Backdoor.Win32.Rbot.bni

New articles

TROJ_ARTIEF.SMThis Trojan exploits the RTF Stack Overflow vulnerability to drop and execute TROJ_INJECT.ART. This Trojan may be unknowingly downloaded by a user while visi...ANDROIDOS_GEINIMI.AThis backdoor may be unknowingly downloaded by a user while visiting malicious websites. Backdoor Routine This backdoor executes the following commands from...P2P-Worm.Win32.BlackControl.gThe malicious program intercepts the user’s requests to various sites and redirects them to a malicious URL. It also contains a tool for sending phishin...Backdoor.Win32.Bredolab.euaA malicious program that receives commands from a management server to download other malware to a computer. To ensure that it is launched automatically when t...Backdoor.Farfli.ABCommonly it commes as an installer so it can drop several files, detected by Bitdefender as adware (Adware.Cinmus) or tojan-downloaders.It modifies the memory o...

Hot Articles

Backdoor.Win32.Rbot.bnb

Computer Virus Clounds