[snip]
How does this virus work? Sometimes you visit a website and IE or
Firefox asks if it should remember the password. They must store these
somewhere. Does the virus read from this store or does it read your
keypresses when you enter it or does it intercept when the browser
transmits to the web site?
I am wondering whether it only affects sites visited or all sites
recorded on your HDD and whether it affects both IE and Firefox or
just the one?
BTW is KIS or KAV the best thing to detect these nasties? I hear NOD
is good too. Is there anything else? I have heard there are special
"trojan detector" programs; are these necessary?
Backdoor.Win32.Rbot.gen
Aliases:
Backdoor.Win32.Rbot.gen (Kaspersky Lab) is also known as:
W32/Sdbot.worm.gen.h (McAfee), W32.Spybot.Worm (Symantec),
Win32.HLLW.MyBot (Doctor Web), W32/Rbot-IR (Sophos),
Backdoor:Win32/Spybot.AI (RAV), WORM_RBOT.KZ (Trend Micro),
Worm/RBot.RT (H+BEDV), Win32:SdBot-194-B (ALWIL),
IRC/BackDoor.SdBot.55.U (Grisoft), Backdoor.Rbot.RP (SOFTWIN),
Trojan.Spybot-79 (ClamAV), W32/Gaobot.ALK.worm (Panda),
Win32/Rbot.AEF (Eset)
Description added: Aug 06 2004
Behavior: Backdoor
Technical details:
Backdoor.Rbot is a family of Trojan programs for Windows, which offer
the user remote access to victim machines. The Trojans are controlled
via IRC, and have the following functions:
* monitor networks for interesting data packets (i.e. those containing
passwords to FTP servers, and e-payment systems such as PayPal etc.)
* scan networks for machines which have unpatched common vulnerabilities
(RPC DCOM, UPnP, WebDAV and others); for machines infected by Trojan
programs (Backdoor.Optix, Backdoor.NetDevil, Backdoor.SubSeven and
others) and by the Trojan components of worms (I-Worm.Mydoom,
I-Worm.Bagle); for machines with weak system passwords
* conduct DoS attacks
* launch SOCKS and HTTP servers on infected machines
* send the user of the program detailed information about the victim
machine, including passwords to a range of computer games
http://www.viruslist.com/en/viruses/encyclopedia?virusid=56713
-jen