
Backdoor.Win32.Rbot.akee

Posted: June 10, 2010

Backdoor.Win32.Rbot.akee (aka Backdoor.Rbot) is a malicious backdoor Trojan that runs in the background and allows remote access to the compromised system. It contains a hacktool that attackers use to break into the PC. Backdoor.Rbot can change Windows Explorer settings in order to download other malicious files from external servers, and it monitors user activity to obtain valuable personal information. Backdoor.Rbot poses a dangerous threat to any computer or system and should be terminated immediately.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %CommonPrograms%\Kernel for Outlook Duplicates\Kernel for Outlook Duplicates Help.lnk
    2 %CommonPrograms%\Kernel for Outlook Duplicates\Kernel for Outlook Duplicates.lnk
    3 %CommonPrograms%\Kernel for Outlook Duplicates\Uninstall Kernel for Outlook Duplicates .lnk
    4 %ProgramFiles%\Kernel for Outlook Duplicates\Kernel for Outlook Duplicates.chm
    5 %ProgramFiles%\Kernel for Outlook Duplicates\Kernel for Outlook Duplicates.exe
    6 %ProgramFiles%\Kernel for Outlook Duplicates\license.txt
    7 %ProgramFiles%\Kernel for Outlook Duplicates\NucleusAddin.dll
    8 %ProgramFiles%\Kernel for Outlook Duplicates\unins000.dat
    9 %ProgramFiles%\Kernel for Outlook Duplicates\unins000.exe
    10 %ProgramFiles%\Kernel for Outlook Duplicates\{80000000-DCC6-49b5-9C61-DE91132C3221}.dll
    11 %System%\Redemption.dll

Registry Modifications

  • The following Registry subkeys were newly created:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C4C5F4-1893-444C-B8D8-002F0034DA92}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C4C5F4-1893-444C-B8D8-002F0034DA92}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C4C5F4-1893-444C-B8D8-002F0034DA92}\ProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11E2BC0C-5D4F-4E0C-B438-501FFE05A382}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11E2BC0C-5D4F-4E0C-B438-501FFE05A382}\ProgID