Troj/Borobot-A

Aliases	Backdoor.Win32.Robobot.a BackDoor-CMQ BKDR_ROBOBOT.L
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	25 February 2005 12:55:15 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Borobot-A is a backdoor Trojan.

Troj/Borobot-A copies itself with the filename SVCHOST.EXE to either the Windows system folder or to the folder Application Data\Microsoft\Internet Explorer. Troj/Borobot-A then sets the following entry in the registry so as to run the copy of itself on system startup, though it may delete the entry during execution:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
.mscsbl

Troj/Borobot-A connects to an IRC server and acts as a backdoor Trojan, allowing access to the infected computer by a remote user.

Troj/Borobot-A may download files from remote locations to the Windows system folder and execute them if instructed to do so by a remote user.

Troj/Borobot-A acts as a proxy server, routing information from a remote user to their chosen destination.

Troj/Borobot-A allows a remote user to send emails from the infected computer using its own email engine.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Borobot-A

Summary

Action

More Information