W32/Rbot-GVJ

Category: Viruses and Spyware
Protection available since: 28 Nov 2007 13:25:50 (GMT)
Type: Win32 worm
Last Updated: 28 Nov 2007 13:25:50 (GMT)
Prevalence: Small Number of Reports

W32/Rbot-GVJ is a worm for the Windows platform.

W32/Rbot-GVJ attempts to spread via remote network shares with weak passwords and by exploiting common system vulnerabilities. The worm also contains functionality to connect to an IRC server and listen for backdoor commands.

When first run, W32/Rbot-GVJ copies itself to <System>\firefox.exe.

The following registry entries are created to run firefox.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft
firefox.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Microsoft
firefox.exe

The following registry entry is set:

HKCU\Software\Microsoft\OLE
Microsoft
firefox.exe
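
A host check for the indicators listed above, added here as an example and not part of the original advisory. The function name `Test-RbotGvjIndicators` and the output shape are illustrative; `<System>` is assumed to mean the Windows system directory.

```powershell
# Added example: checks a host for the W32/Rbot-GVJ indicators listed on this page.
# The function name and output columns are illustrative, not from the advisory.
function Test-RbotGvjIndicators {
    [CmdletBinding()]
    param()

    $valueName = 'Microsoft'      # registry value name given on the page
    $valueData = 'firefox.exe'    # registry value data given on the page
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
        'HKCU:\Software\Microsoft\OLE'
    )

    foreach ($key in $keys) {
        $found = $null
        # RunServices and OLE may not exist at all on a clean system
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction SilentlyContinue
            if ($prop) { $found = [string]$prop.$valueName }
        }
        [pscustomobject]@{
            Indicator = "$key\$valueName"
            Observed  = $found
            Match     = ($null -ne $found) -and ($found -like "*$valueData*")
        }
    }

    # Assumption: <System> is the Windows system directory (e.g. C:\Windows\System32)
    $path = Join-Path ([Environment]::SystemDirectory) 'firefox.exe'
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Indicator = $path
        Observed  = if ($file) { "$($file.Length) bytes, created $($file.CreationTimeUtc.ToString('u'))" } else { $null }
        Match     = [bool]$file
    }
}

Test-RbotGvjIndicators | Format-Table -AutoSize -Wrap
```

On 64-bit Windows, writes by a 32-bit process are redirected to `SysWOW64` and `HKLM\SOFTWARE\Wow6432Node`, so those locations are worth checking as well.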