Main Menu
Contact Us

RDBot Worm Information

Name: RDBot
Category: Worm
Alias: - Alias: W32.Poverty.A@mm, W32.Klez.gen@mm, W32.Klez.A@mm
Advice: Remove
Risk: Severe Risk Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Description: A LSASS vulnerability worm, that propogates itself via network shares.

RDBot is used to steal passwords and product keys from a number of games and applications, can also terminate antivirus processes weakening your computer security. Some variants are known to contain keyloggers.

When infected RDBot will insert itself into the HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run with a variety of system security looking names.

RDbot will also add itself as a system service
further degrading the system stability.

Signatures: process: random.exe: MD5 Hash: 3f3cc8a5afba6933aca... process: suge.exe: MD5 Hash: 68c75fdc65147831499... process: random.exe: MD5 Hash: 6da7b4aa4cdeced4b0d... process: vjbczzxzs.exe: MD5 Hash: f0c6c8c8e27f0f679ad... process: msupdsrv.exe: MD5 Hash: 1ffda4c95f527b02d54... process: random.exe: MD5 Hash: 2684ffd69f8c210a07c... process: mszk.exe: MD5 Hash: babfbc267f213749ffc... process: msmacroprot32.exe: MD5 Hash: 081c6f1b809b8f32e3e... process: taksmgr.exe: MD5 Hash: ... process: taksmgr.exe: MD5 Hash: b2af1db87610ab9cfc9..
Type: Worm - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually that 'sneaks' onto a system or performs other activities hidden to the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well.

Top Worm Visited Pages:
RDBot - Alias: Rdbot.xx variants, Spybot.xx, Sdbot.xx - 1153 visits
Rbot - Alias: Backdoor.Rbot.Gen - 598 visits
Wukill.mstray - Alias: Win32/HLLW.Wukill - 577 visits
SDBot - Alias: Wootbot.gen, Wootbot, Donk, spybot, Agobot - 483 visits
Worm.Brit.e - Alias: VBS/Chick.e@M virus - 253 visits
Trojan.Downloader.winstall - 245 visits
Gaobot - 212 visits
Win32/Darby.O - 196 visits
IRC.Worm.Pron - Alias: Pron.gen - 169 visits
Worm.P2P.SpyBot.gen - 122 visits

Random Worm Pages:
Worm.Segaf - Alias: I-Worm.Rous.c
IRC.Worm.Lazirc.f - Alias: IRC-Worm.Dreamirc.e
worm.Icecubes 1.05
Worm.KellyOusbourne - Alias: VBS/Generic@MM
Haile Selassie is Jesus Christ! - Alias: I-Worm.Rastam
Hermes - Alias: I-Worm.Hermes.d , W32/Hermes
Help Virus/Worm 1.00
Worm.Klez.A - Alias: W32.Poverty.A@mm, W32.Klez.gen@mm, W32.Klez.A@mm


2006-2008 - Privacy Policy