Rbot_28 belongs to a large family of backdoors that try to bypass Windows security features. It is a remote administration tool, that once installed, will allow an attacker full control of the compromised machine to perform a variety of malicious activities such as executing commands and stealing data.
Process Related Changes
It creates the following mutex(es):
- "CB35EF5D-4591-41d9-BBA2-0363342F3783"
It creates the following process(es): - C:\windows\temp\dllinject.exe
|
