W32/Rbot-GVJ is a worm for the Windows platform.
W32/Rbot-GVJ attempts to spread via remote network shares with weak passwords and by exploiting common system vulnerabilities. The worm also contains functionality to connect to an IRC server and listen for backdoor commands.
When first run, W32/Rbot-GVJ copies itself to <System>\firefox.exe.
The following registry entries are created to run firefox.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft = firefox.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    Microsoft = firefox.exe
The following registry entry is set:
HKCU\Software\Microsoft\OLE
    Microsoft = firefox.exe
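
A host check for the artifacts listed above, as an added example that is not part of the original description. It assumes <System> is %SystemRoot%\System32 and that in each entry "Microsoft" is the value name and "firefox.exe" its data. The WOW6432Node and SysWOW64 locations are not on this page and are included only because 64-bit Windows redirects 32-bit processes there.

```powershell
# Added example: look for the persistence artifacts listed in this description.
# Assumptions: <System> is %SystemRoot%\System32; in each registry entry
# "Microsoft" is the value name and "firefox.exe" is its data.
$valueName = 'Microsoft'
$dropName  = 'firefox.exe'

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\OLE',   # current user's hive only
    # Not listed in the description: the 32-bit registry view that a
    # 32-bit process is redirected to on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices'
)
$dirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')   # redirected 32-bit system folder
)

$findings = @()
foreach ($key in $keys) {
    # A missing key or value is the clean case, so errors are suppressed.
    $item = Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $data = [string]$item.$valueName
    # Match bare "firefox.exe" or a path ending in it (case-insensitive).
    if ($data -match '(^|\\)firefox\.exe') {
        $findings += [pscustomobject]@{ Type = 'Registry'; Location = $key; Detail = "$valueName = $data" }
    }
}
foreach ($dir in $dirs) {
    $path = Join-Path $dir $dropName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record a hash so the file can be compared against a known sample.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "SHA256 $hash" }
    }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from a 64-bit PowerShell session so the System32 path is not itself redirected, and repeat it per user profile since the HKCU entry is specific to the logged-on user.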