Backdoor.Rbot

Backdoor.Rbot Description

Backdoor.Rbot is a nasty backdoor Trojan for the Windows platform. It propagates via local network shares, the Plug-and-Play vulnerability and browser security holes. Once executed, Backdoor.Rbot allows a remote attacker to gain access to and control over the victim's computer through a command prompt. This places any personal or financial information stored on the computer in severe jeopardy and represents a serious security risk.

Aliases: Win-Trojan/Xema.variant [AhnLab-V3], Heuristic.LooksLike.Win32.Winwebsec.B [McAfee-GW-Edition], TR/Agent.172032.BD [AntiVir], W32/Suspicious_Gen2.PARSZ, Generic.dx!kvq [McAfee], Win32/PolyCrypt [AVG], Trojan.Generic, Malware/Win32.Trojan Horse [AhnLab-V3], Mal/Packer [Sophos], Heuristic.BehavesLike.Win32.Packed.B [McAfee-GW-Edition], PCK/YodaProt [AntiVir], TrojWare.Win32.TrojanDownloader.Agent.accn [Comodo], PUA.Packed.YodaProtector [ClamAV], W32/Suspicious_Gen2.DPQRB and probably a variant of Win32/Agent.BTWMZCQ [NOD32].

Technical Information

File System Details

Backdoor.Rbot creates the following file(s):
