RBot.sys

Category: Trojan

Risk: Severe Risk

* Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Description: RBot is a Trojan worm that spreads through network shares and provides various backdoor capabilities to the attacker. Attacks other hosts on port 135. Connects to IRC server @ 213.202.229.150:6667. sys.exe Packed PE_Patch.Morphine sys.exe Packed Morphine

Alias: None

Signatures:
process: sys.exe: MD5 Hash: 8e040033ebe4da0b778..