Backdoor:Win32/Rbot!2EAA

Detected by Microsoft Defender Antivirus

Aliases: Win32/Rbot.AEM (CA) Backdoor.Win32.Rbot.gen (Kaspersky) Backdoor:Win32/Rbot.AH (Microsoft) W32/Spybot.YU (Norman) W32/Rbot-LB (Sophos) Rbot (Sunbelt Software) W32.Spybot.Worm (Symantec) WORM_RBOT.PR (Trend Micro)

Summary

Backdoor:Win32/Rbot2EAA is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot!2EAA may be detected as Backdoor:Win32/Rbot.AH.

Backdoor:Win32/Rbot!2EAA may download and install additional malicious software, thus manual removal is not recommended. To detect and remove this Trojan and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx

Backdoor:Win32/Rbot!2EAA

Summary

What to do now

Technical information

Threat behavior

Prevention

Enable a firewall on your computer

Get the latest computer updates

Use up-to-date antivirus software

Use caution with attachments and file transfers

Symptoms