RBot.WinMes
Category: Trojan
Risk: Severe Risk
* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. The attacker has complete control over your computer or can install new software on your machine.
Description: RBot.WinMes copies itself to the Windows system folder as "winmes.exe" and creates the following registry entries in order to run automatically on computer logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    "Microsoft MediaScope" = "winmes.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    "Microsoft MediaScope" = "winmes.exe"
Alias: W32/RBOT-XU, winmes, Microsoft MediaScope
Signatures:
process: winmes.exe: MD5 Hash: e4d5d01a7f5a3508a87
process: winmes.exe: MD5 Hash: 7676cad621ca7193fe8..
Copyright @2006 THR Computer Solutions: RBot.WinMes