Backdoor:Win32/Rbot.AF

Detected by Microsoft Defender Antivirus

Aliases: Win32/Rbot.AMC (CA) Win32/Slinbot.MI (CA) Backdoor.Win32.Rbot.wi (Kaspersky) Backdoor.Win32.SdBot.gen (Kaspersky) Backdoor:Win32/Rbot!8A89 (Microsoft) W32/Sdbot.APM (Norman) W32/Spybot.DBW (Norman) W32/Rbot-MK (Sophos) W32/Sdbot-PQ (Sophos) Backdoor.Win32.Rbot.wi (Sunbelt Software) W32.Randex (Symantec) W32.Spybot.Worm (Symantec) WORM_RBOT.SP (Trend Micro) WORM_SPYBOT.GEN (Trend Micro)

Summary

Backdoor:Win32/Rbot.AF connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.AF may be detected as Backdoor:Win32/Rbot!8A89.

Backdoor:Win32/Rbot.AF may download and install additional malicious software, thus manual removal is not recommended. To detect and remove this Trojan and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx

Backdoor:Win32/Rbot.AF

Summary

What to do now

Technical information

Threat behavior

Prevention

Symptoms