Trojan:Win32/Simda.R is a component of Backdoor:Win32/Simda.A that is used to bypass the user account control (UAC) dialog in order to gain administrator privileges on the affected computer.

Trojan:Win64/Simda.A is a 64-bit component of Backdoor:Win32/Simda.A. This component is responsible for elevating privileges in a 64-bit environment. It allows the main backdoor code to perform file system operations that require elevated permissions without displaying a security warning via user account control (UAC).

Backdoor:Win32/Berbew.AD is a Trojan that installs silently on your computer. It can capture and send personal information to a Web site. It can also download files from Web sites and run them on your computer. There are no readily apparent indications that your computer is infected with this Trojan.

Backdoor:Win32/Rbot.AJ is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

 

Backdoor:Win32/Rbot.AJ may be detected as Backdoor:Win32/Rbot.gen!A.

Backdoor:Win32/Rbot.AL is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.BH is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

 

Backdoor:Win32/Rbot.BH may be detected as Backdoor:Win32/Rbot!2FA0.

Backdoor:Win32/Rbot.CZ is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.EO is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FE is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FP is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

This dynamic-link library (DLL) file is dropped by variants of Backdoor:Win32/Berbew. See the parent variant list for more information.

Backdoor:Win32/Gael.A is a backdoor Trojan that targets certain versions of Microsoft Windows. The Trojan is downloaded, installed, and executed by TrojanDownloader:Win32/Gael.A.

Update: This threat has been renamed Backdoor:Win32/Mocbot.A.

 

Backdoor:Win32/Graweg.B is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Graweg.B begins searching the local network for systems which have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Graweg.B is only effective against un-patched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than exploit. For example, Backdoor:Win32/Graweg.B could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Graweg.B may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Graweg.B includes the ability to download other files, thus the Trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Graweg.B has been assigned CME ID 762 and will be detected by Microsoft as

Backdoor:Win32/Gaobot.DD is a backdoor Trojan that targets certain versions of Microsoft Windows. The Trojan allows remote attackers to control a computer through an IRC channel. When the Trojan receives certain commands, it may spread to other computers or target certain Web sites for denial of service (DoS) attacks.

Backdoor:Win32/Gaobot.DF is a backdoor Trojan that targets certain versions of Microsoft Windows. The Trojan allows remote attackers to control an infected computer through an IRC channel. When the Trojan receives certain commands from an attacker, it can spread to other computers or target certain Web sites for denial of service (DoS) attacks.

Backdoor:Win32/Hackdef.AA is a backdoor Trojan that is distributed in various ways to computers running certain versions of Microsoft Windows. This Trojan is a user-mode rootkit. It creates, alters, and hides Windows system resources and can hide proxy services and backdoor functionality. It can also conceal use of TCP and UDP ports for receiving commands from attackers.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.