Troj/Brepbot-B is a backdoor Trojan for the Windows platform.
When first run Troj/Brepbot-B copies itself to <System>\csrcmd.exe and creates the following files:
<Temp>\466.bat
<Temp>\755.bat
These files can be safely deleted.
The following registry entries are created to run csrcmd.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WindowsTaskStat
csrcmd.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WindowsTaskStat
csrcmd.exe
Troj/Brepbot-B includes functionality to:
- terminate and disable anti-virus and security related processes
- download files from the internet and run them