Backdoor:Win32/Rbot.SR
Detected by Microsoft Defender Antivirus
Aliases: Trojan.Win32.Buzus.doef (Kaspersky), IRC-Worm.SuspectCRC (Ikarus), Trj/Buzus.AH (Panda), W32.IRCBot (Symantec), TROJ_BUZUS.BHY (Trend Micro)
Summary
Backdoor:Win32/Rbot.SR is a backdoor trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploiting a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional remediation instructions for Backdoor:Win32/Rbot.SR
This threat may make lasting changes to a computer’s configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following articles:
- Enabling Distributed COM (DCOM) using DCOMCNFG.EXE
  - For Windows 7 and Vista: http://technet.microsoft.com/library/cc771387.aspx
  - For Windows XP: http://support.microsoft.com/kb/825750
- For more on the 'restrictanonymous' registry value:
- For other support and help related articles, go to:
  - Windows 7: http://support.microsoft.com/gp/windows7
  - Windows Vista: http://support.microsoft.com/ph/11732
  - Windows XP: http://support.microsoft.com/ph/1173
  - Microsoft Security TechNet Center: http://technet.microsoft.com/security/default.aspx