Backdoor:Win32/Rbot.EB

Detected by Microsoft Defender Antivirus

Aliases: Backdoor.Win32.Rbot.adf (Kaspersky) W32/Sdbot.worm.gen (McAfee) W32/Spybot.HTU (Norman) W32/RBot.ACA (Sophos) Bakcdoor.Rbot.rant (Sunbelt Software) W32.Spybot.Worm (Symantec) WORM_RBOT.AQA (Trend Micro)

Summary

Backdoor:Win32/Rbot.EB is a backdoor trojan that spreads by copying exploiting the vulnerabilities described in Microsoft Security Bulletins MS04-011 and MS03-026. Backdoor:Win32/Rbot.EB connects to an IRC server from the infected computer and accepts commands remote from attackers.

Backdoor:Win32/Rbot.EB may download and install additional malicious software, thus manual removal is not recommended. To detect and remove this Trojan and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx

Backdoor:Win32/Rbot.EB

Summary

What to do now

Technical information

Threat behavior

Prevention

Symptoms