Trojan Horses Definitions(r) - RBot.ntdtrknm

RBot.ntdtrknm

Category: Trojan

Risk: Severe Risk

* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker can gain complete control over your computer or install new software on your machine.

Description: RBot.ntdtrknm is a member of the RBot family of remote access tools, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge. This group of threats can spread through security exploits, networks, IRC (Internet Relay Chat) servers and sometimes with other malware. Once installed, RBOT sets itself to run on Windows startup, using names that seem to be Windows-related. RBOT allows the attacker to take control of a machine remotely and execute commands. The machine can be used as a spam relay or to participate in a denial of service (DoS) attack. RBOT can spread through networked computers.

According to http://www.malwareblog.com/?p=158, RBot.ntdtrknm has the following characteristics:

Registry - "Run" keys: Nfpt Microsoft Config c:\windows\system32\nfdtrknm.exe
Propagation - Attacks other hosts on port 135.
Connects to IRC server @ 209.125.238.100:65348

Alias: Backdoor.Win32.Rbot.gen

Signatures:
process: nfdtrknm.exe: MD5 Hash: c9c5c7691a8e632e212..

Updated: 02/17/2006
Copyright @2006 THR Computer Solutions: RBot.ntdtrknm