W32/Rbot-GMM

Category: Viruses and SpywareProtection available since:25 Apr 2007 00:00:00 (GMT)
Type: Win32 wormLast Updated:25 Apr 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Rbot-GMM is a worm for the Windows Platform.

W32/Rbot-GMM can spread to other computers by using exploits.

W32/Rbot-GMM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run W32/Rbot-GMM copies itself to <System>\alg32.exe.

The following registry entries are created to run alg32.exe on startup.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Office Monitor
<System>\alg32.exe


W32/Rbot-GMM also alters the following registry entries:

HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
N

HKCU\Software\Microsoft\OLE
Windows APCI Verifier