high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Protection available since | 2 August 2004 13:16:17 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
Please read the instructions for removing W32/Rbot-FH.
More Information
W32/Rbot-FH is a network worm with backdoor functionality.
W32/Rbot-FH will also attempt to terminate various security related processes, steal passwords and game keys, brute-force weak network shares and connect to a remote IRC server to receive further instruction from an attacker. W32/Rbot-FH is a network worm with backdoor functionality. When executed the worm will move itself to the Windows System folder as sxvhost.exe and create the following registry entries so as to auto-start on user logon or system reboot:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Mircrosoft--Updates = sxvhost.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Mircrosoft--Updates = sxvhost.exe
The following registry entry is also modified:
HKCU\Software\Microsoft\OLE\Microsoft--Updates = sxvhost.exe
W32/Rbot-FH will also attempt to terminate various security related processes, steal passwords and game keys, brute-force weak network shares and connect to a remote IRC server to receive further instruction from an attacker.
|
