Win32/Rbot
Short description
The trojan serves as a backdoor. It can be controlled remotely.
Installation
When executed, the trojan copies itself into the %system% folder using the following filename:
- %variable%.exe
In order to be executed on every system start, the trojan modifies the following Registry keys:
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Layer" = "%system%\%variable%.exe"
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Layer" = "%system%\%variable%.exe"
Other information
The trojan is sent data and commands from a remote computer or the Internet.
The trojan connects to the following addresses:
- irc.seslichat5.com
It can execute the following operations:
- send the list of disk devices and their type to a remote computer
- download files from a remote computer and/or Internet
- spread via shared folders and P2P networks
- send various information about the infected computer
- collect information about the operating system used
- connect to remote computers on a specific port
- stop itself for a certain time period
- obtain the list of shared network folders
- capture webcam video/voice
- capture screenshots
- send files to a remote computer
- retrieve the CPU information
- redirect traffic
- monitor network traffic
- spread via IM networks
- log keystrokes
- terminate running processes
- run executable files
- shut down/restart the computer
- perform port scanning
- open a specific URL address
- perform DoS/DDoS attacks
- update itself to a newer version
- delete folders
- create folders
- move files
- delete files
- open ports
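
Checking a host for the autorun entries listed under Installation: the following Python code is an added example, not part of the original description. It parses reg query output and reports a "Windows Layer" value under the Run and RunServices keys. The sample output, the file name wklayer.exe and the assumption that %system% resolves to a directory named System32 or System are constructed for illustration.

```python
import re
from ntpath import basename, dirname

# Indicators taken from the page: the two autorun keys and the value name.
WATCHED_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
VALUE_NAME = "windows layer"
# Assumption: %system% resolves to a directory named System32 or System.
SYSTEM_DIRS = {"system32", "system"}

# reg query prints value lines as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")

def find_rbot_autoruns(reg_query_output):
    """Return autorun entries matching the persistence described on the page."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or key.lower() not in WATCHED_KEYS:
            continue
        if m["name"].strip().lower() != VALUE_NAME:
            continue
        path = m["data"].strip().strip('"')
        hits.append({
            "key": key,
            "path": path,
            # The file name is variable, so only location and extension are checked.
            "exe_in_system_dir": path.lower().endswith(".exe")
            and basename(dirname(path)).lower() in SYSTEM_DIRS,
        })
    return hits

# Constructed sample output; the file names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Windows Layer    REG_SZ    C:\WINDOWS\system32\wklayer.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Windows Layer    REG_SZ    C:\WINDOWS\system32\wklayer.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Layer    REG_SZ    C:\Users\a\AppData\Roaming\layer.exe
"""
```

On a live host the input would be the text printed by reg query for each of the two keys; find_rbot_autoruns(SAMPLE) returns the two HKEY_LOCAL_MACHINE entries and skips the others.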
