W32/Rbot-GWN

Category: Viruses and Spyware
Type: Win32 worm
Prevalence: Small Number of Reports

W32/Rbot-GWN is a worm for the Windows platform.

When first run, W32/Rbot-GWN copies itself to <Windows>\windows\mosadl.exe and creates the following files:

<Startup>\mosadl.exe.lnk
<Windows>\windows\mosad.sys

The file mosad.sys is detected as Mal/Behav-010.

The following registry entries are created to run mosadl.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
mosadl
<Windows>\WINDOWS\mosadl.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mosadl
<Windows>\WINDOWS\mosadl.exe

Registry entries are created under:

HKCR\dllfile\shell\open\command