Backdoor:IRC/Rxbot Description

Backdoor:IRC/Rxbot is a Trojan that opens a backdoor on a compromised PC, giving a remote attacker unauthorized access to the system. It can enter a system silently through security holes, or bundled with other malware and Internet downloads. Once installed, Backdoor:IRC/Rxbot modifies the Windows registry and downloads additional malware, putting the compromised system in greater danger.

Aliases: Rootkit.Agent/Gen-Alureon, Gen:Variant.Kazy.5565 [BitDefender], a variant of Win32/Olmarik.AJE [NOD32], Win32.SuspectCrc [Ikarus], Trojan/Win32.Agent.gen [Antiy-AVL], Win32.SuspectCrc!IK, TR/Spy.Banker.1024512 [AntiVir], Trojan-Spy.Win32.Agent, Trojan-Spy.Win32.Agent.bnhh [Kaspersky], Generic.Banker.Delf.091A4B1B, Virus [K7AntiVirus], Artemis!082D3E45B82A [McAfee], Trojan.Generic.5226588, Troj/VBl-Gen [Sophos] and TR/Spy.37114 [AntiVir].

Technical Information

File System Details

Backdoor:IRC/Rxbot creates the following file(s):
