Backdoor:Win32/Rbot.gen!G is a backdoor trojan that allows unauthorized access and control of an affected machine. This malware may also be able to spread in a number of different ways. Typically, the spreading mechanism is started manually by a remote attacker using backdoor functionality. Methods for spreading may include via Messenger applications, via weakly protected network shares, via vulnerability exploit, or via backdoors opened by other malware during previous system compromises. 

 

A broad range of malware may be detected with this name, hence specific symptoms (such as filenames and registry modifications) may vary from instance to instance. However, this group of malware is likely to appear to be behaviorally similar.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

Backdoor:Win32/Rbot.V is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan can spread by copying itself to network shares and by exploiting the Windows vulnerabilities described in Microsoft Security Bulletins MS04-011 and MS03-026. Backdoor:Win32/Rbot.V connects to an IRC server to receive commands from attackers.

Backdoor:Win32/Rbot.M is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan can spread by copying itself to network shares and by exploiting the Windows DCOM RPC vulnerability described in Microsoft Security Bulletin MS03-026. Backdoor:Win32/Rbot.M connects to an IRC server to receive commands from attackers.

Backdoor:Win32/Rbot.gen is a generic detection for a family of backdoor trojans that allows attackers to control infected computers. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Backdoor:Win32/Rbot.DH is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.