RBot.winwkys Trojan Information

Name: RBot.winwkys
Category: Trojan
Advice: Remove
Risk: Severe Risk. Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. The attacker has complete control over your computer or can install new software on your machine.
Description: RBot.winwkys is a member of the RBot family of remote access tools, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge.

This group of threats can spread through security exploits, networks, IRC (Internet Relay Chat) servers and sometimes with other malware. Once installed, RBOT sets itself to run on Windows startup, using names that appear to be Windows-related. RBOT allows the attacker to take control of a machine remotely and execute commands. The machine can be used as a spam relay or to participate in a denial of service (DoS) attack. RBOT can spread through networked computers.

RBot.winwkys has the following characteristics:
(http://www.malwareblog.com/?p=165)

Registry -
"Run" keys
Win32 Services Config

c:\windows\system32\winwkys.exe

Propagation -
Attacks other hosts on ports 135, 139, and 445.
Connects to IRC @ 210.245.168.143:443.

Signatures: process: winwkys.exe: MD5 Hash: 385b3a0b1c525b69d47..
Type: Trojan - Trojan software is any software on a user's computer that the user is not aware of or did not intentionally install. Most Trojan software is designed to perform actions that could jeopardize the user's security or privacy.


© 2006-2008 spyware32.com - Privacy Policy