Know Your Malware: Gravebot Removal

Gravebot is an IRC-controlled backdoor that provides the remote attacker with full unauthorized access to a compromised computer. The threat also contacts a predetermined web server, silently downloads from there and runs arbitrary files, some of them can be malicious. Gravebot automatically runs on every Windows startup.

Related files: codll.exe, sum.tgz

Gravebot properties:
Allows remote user connection
Connects itself to the internet
Hides from the user
Stays resident in background Remove Gravebot, removal instructions

Linked by shanmuga Tuesday, 1st November 2005 9:32PM