backdoor.win32.rbot.gen

Hello,

I ran KIS and it found the trojan "backdoor.win32.rbot.gen" and
removed it. I looked up the description of this virus and it says that
it steals your paypal information and "anything interesting". I don't
know how long I had this virus for. Do I need to be worried? Should I
change my passwords for any internet sites?

TIA

Re: backdoor.win32.rbot.gen


Yes

-jen



Re: backdoor.win32.rbot.gen


| Hello,

| I ran KIS and it found the trojan "backdoor.win32.rbot.gen" and
| removed it. I looked up the description of this virus and it says that
| it steals your paypal information and "anything interesting". I don't
| know how long I had this virus for. Do I need to be worried? Should I
| change my passwords for any internet sites?

| TIA

I agree with Jen.  Such an action would be prudent.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: backdoor.win32.rbot.gen

Sam wrote:


I think you should

a) change your passwords regularly;
b) get a credit card with a low limit ($500-$1000) strictly for on-line use;
c) set up an e-mail account strictly for on-line business.

Personally, I avoid Paypal, and use only credit cards, but that's my
paranoia at work. ;-)

--
wolf k.

Re: backdoor.win32.rbot.gen



A CC holder is only responsible for the first $50 (and with some high-end
cards $0) of a fraudulent purchase, so why is it necessary/prudent to use
a low-limit card? Perhaps for the CC company's benefit, but their well-being
isn't a significant concern for me.



Re: backdoor.win32.rbot.gen

tom wrote:


The responsibility of the CC holder varies with jurisdiction and
contract, as do the limits. Eg, the $50 limit may apply only after you
have notified the CC company of your loss, depending. Read the fine
print, and know the applicable law.

As for not worrying about the CC company's losses: we all pay for them
one way or another. The CC companies have to find the money to offset
fraud related losses somewhere. And they do. The fees and interest on
o/s balances are the major source. So are merchants' fees, which can run
as high as 8% (they are lower with higher transaction volumes). The
notion that if "someone else pays"

Oh well, enough rant for today. ;-)

--
wolf k.

Re: backdoor.win32.rbot.gen

On Thu, 01 May 2008 09:21:03 -0400, Wolf Kirchmeir



Thanks. Can I ask: what do you mean by (c) e-mail for on-line
business; by definition doesn't e-mail have to be online?

How does this virus work? Sometimes you visit a website and IE or
Firefox asks if it should remember the password. They must store these
somewhere. Does the virus read from this store or does it read your
keypresses when you enter it or does it intercept when the browser
transmits to the web site?

I am wondering whether it only affects sites visited or all sites
recorded on your HDD and whether it affects both IE and Firefox or
just the one?

BTW is KIS or KAV the best thing to detect these nasties? I hear NOD
is good too. is there anything else? I have heard there are special
"trojan detector" programs; are these necessary?

TIA

Re: backdoor.win32.rbot.gen

"Sam" wrote:


Without your sample it's impossible to be sure. Some I've analysed
decrypt everything in Windows protected storage and upload it to
a site. They also collect details of what software you have installed.


Assume it's all usernames and passwords on your system.


Either browser may have been involved in dropping it, or it may have
got in some other way. Thereafter, it will run independently.


The best thing is not to install malware in the first place.



Re: backdoor.win32.rbot.gen

Sam wrote:

I have an e-mail address that I use exclusively for online purchases,
setting up log-in IDs, etc. That way business related "announcements"
don't clutter my personal e-mail box. By setting up several identities,
you reduce the probability of hijacking (only marginally, I suppose, but
it calms my paranoia. ;-))

--
wolf k.

Re: backdoor.win32.rbot.gen

[snip]

Backdoor.Win32.Rbot.gen
Aliases:
Backdoor.Win32.Rbot.gen (Kaspersky Lab) is also known as:
W32/Sdbot.worm.gen.h (McAfee),   W32.Spybot.Worm (Symantec),
Win32.HLLW.MyBot (Doctor Web),   W32/Rbot-IR (Sophos),
Backdoor:Win32/Spybot.AI (RAV),   WORM_RBOT.KZ (Trend Micro),
Worm/RBot.RT (H+BEDV),   Win32:SdBot-194-B (ALWIL),
IRC/BackDoor.SdBot.55.U (Grisoft),   Backdoor.Rbot.RP (SOFTWIN),
Trojan.Spybot-79 (ClamAV),   W32/Gaobot.ALK.worm (Panda),
Win32/Rbot.AEF (Eset)
Description added: Aug 06 2004
Behavior: Backdoor

Technical details:
Backdoor.Rbot is a family of Trojan programs for Windows, which offer
the user remote access to victim machines. The Trojans are controlled
via IRC, and have the following functions:

* monitor networks for interesting data packets (i.e. those containing
passwords to FTP servers, and e-payment systems such as PayPal etc.)
* scan networks for machines which have unpatched common vulnerabilities
(RPC DCOM, UPnP, WebDAV and others); for machines infected by Trojan
programs (Backdoor.Optix, Backdoor.NetDevil, Backdoor.SubSeven and
others) and by the Trojan components of worms (I-Worm.Mydoom,
I-Worm.Bagle); for machines with weak system passwords
* conduct DoS attacks
* launch SOCKS and HTTP servers on infected machines
* send the user of the program detailed information about the victim
machine, including passwords to a range of computer games
http://www.viruslist.com/en/viruses/encyclopedia?virusid=56713

-jen
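The description jen quotes says the Rbot family is controlled over IRC, which is the one network behaviour a defender can look for regardless of which sample was dropped. The following is an added example, not code from the thread or from any vendor: it scans constructed egress log lines (a simplified "timestamp src -> dst:port payload" format that is an assumption here) for hosts that speak IRC protocol commands to a remote server, and rates a session higher when IRC appears on a port that is not a standard IRC port.

```python
import re
from collections import defaultdict

# Constructed sample egress log (not real traffic and not from the thread).
# Format assumed for this example: "<ts> <src> -> <dst>:<port> <payload>".
SAMPLE_LOG = """\
2008-05-01T09:21:03 10.0.0.5 -> 203.0.113.7:6667 NICK host-4711
2008-05-01T09:21:04 10.0.0.5 -> 203.0.113.7:6667 USER xyz 0 0 :xyz
2008-05-01T09:21:05 10.0.0.5 -> 203.0.113.7:6667 JOIN #chan secret
2008-05-01T09:21:06 10.0.0.5 -> 203.0.113.7:6667 PRIVMSG #chan :hello
2008-05-01T09:25:00 10.0.0.8 -> 198.51.100.2:443 GET /index.html
2008-05-01T09:25:01 10.0.0.9 -> 192.0.2.10:80 GET /news
2008-05-01T09:30:00 10.0.0.12 -> 203.0.113.9:80 NICK bob
2008-05-01T09:30:01 10.0.0.12 -> 203.0.113.9:80 JOIN #help
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<payload>.*)$"
)

# Client-side IRC commands that a bot must send to register and take orders.
IRC_COMMANDS = {"NICK", "USER", "JOIN", "PRIVMSG", "PING", "PONG", "MODE"}
# Conventional IRC ports; IRC on any other port is the more suspicious case.
IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 6697}


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def irc_command(payload):
    """Return the IRC command word if the payload starts with one, else None."""
    first = payload.split(" ", 1)[0]
    return first if first in IRC_COMMANDS else None


def find_irc_sessions(log_text, min_commands=2):
    """Group lines by (src, dst, port) and report sessions with IRC traffic.

    A session is reported once it has used at least `min_commands` distinct
    IRC commands, which filters out a single accidental keyword match.
    """
    sessions = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        cmd = irc_command(rec["payload"])
        if cmd:
            sessions[(rec["src"], rec["dst"], rec["port"])].add(cmd)

    findings = []
    for (src, dst, port), cmds in sorted(sessions.items()):
        if len(cmds) < min_commands:
            continue
        findings.append({
            "src": src,
            "dst": dst,
            "port": port,
            "commands": sorted(cmds),
            # IRC on a non-IRC port is a stronger sign of something hiding.
            "severity": "high" if port not in IRC_PORTS else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_irc_sessions(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['src']} -> {f['dst']}:{f['port']} {f['commands']}")
```

Run against the constructed log, this reports two internal hosts: 10.0.0.5 talking IRC on port 6667 (medium) and 10.0.0.12 talking IRC over port 80 (high). On a real network the same grouping logic applies to proxy or IDS payload logs; the port list and minimum-command threshold are the knobs to tune, and any hit is a reason to pull the host for the kind of sample analysis the earlier reply mentions.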