This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

Backdoor:Win32/Gaobot is family of worms that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After a variant copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Backdoor:Win32/Gaobot.E is a backdoor Trojan that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. The Trojan can also spread to other computers using the KaZaA peer-to-peer file sharing network. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Backdoor:Win32/Rbot.DY is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.EJ is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.V is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan can spread by copying itself to network shares and by exploiting the Windows vulnerabilities described in Microsoft Security Bulletins MS04-011 and MS03-026. Backdoor:Win32/Rbot.V connects to an IRC server to receive commands from attackers.

Backdoor:Win32/Rbot.M is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan can spread by copying itself to network shares and by exploiting the Windows DCOM RPC vulnerability described in Microsoft Security Bulletin MS03-026. Backdoor:Win32/Rbot.M connects to an IRC server to receive commands from attackers.

Backdoor:Win32/Flux.I is a trojan that injects itself into the explore.exe and iexplore.exe processes, and attempts to connect to a pre-designated Web site on TCP port 8080.

Backdoor:Win32/Poebot is a family of backdoor trojans that allow remote attackers to control infected computers. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting unpatched vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers. In addition, the trojan may be used to steal CD keys and licensing credentials for various online games.

Worm:Win32/Gaobot.FC is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.