ThreatExpert's Statistics for Backdoor.Win32.Rbot [Ikarus]:

Backdoor.Win32.Rbot [Ikarus] is also known as:

Threat Alias	Number of Incidents
Mal/EncPk-DZ [Sophos]	35
W32.Spybot.Worm [Symantec]	33
Mal/Generic-A [Sophos]	21
Backdoor.Win32.Rbot.gen [Kaspersky Lab]	19
Backdoor:Win32/Rbot.gen [Microsoft]	15
not-a-virus:AdWare.Win32.BHO.imp [Kaspersky Lab]	15
Trojan-Downloader.Win32.Homa.zw [Kaspersky Lab]	15
Backdoor:Win32/Rbot [Microsoft]	14
not-a-virus:AdWare.Win32.BHO.isf [Kaspersky Lab]	14
Trojan Horse [Symantec]	14
Mal_Banker [Trend Micro]	10
W32/Sdbot.worm.gen.g [McAfee]	10
Win32/IRCBot.worm.Gen [AhnLab]	10
Backdoor.Trojan [Symantec]	9
Backdoor.Win32.VB.gqs [Kaspersky Lab]	9
Generic.dx [McAfee]	8
Trojan-Banker.Win32.Banker.amzo [Kaspersky Lab]	8
W32/Rbot-Fam, W32/Rbot-Gen [Sophos]	8
WORM_SPYBOT.GEN [Trend Micro]	7
Backdoor.VB!sd6 [PC Tools]	6
Generic BackDoor [McAfee]	6
PE_VIRUT.D [Trend Micro]	6
Virus.Win32.Virut.n [Kaspersky Lab]	6
WORM_RBOT.GEN [Trend Micro]	6
WORM_RBOT.GEN-1 [Trend Micro]	6
Backdoor.Win32.Rbot.aju [Kaspersky Lab]	5
Mal/Packer [Sophos]	5
W32/Sdbot.worm.gen.h [McAfee]	5
W32/Vetor-A [Sophos]	5
W32/Virut.gen [McAfee]	5
Win32/IRCBot.worm.variant [AhnLab]	5
Backdoor.SpyBoter [PC Tools]	4
Backdoor:Win32/Rbot.HB [Microsoft]	4
Exploit-DcomRpc.gen [McAfee]	4
Generic.dx!pv [McAfee]	4
Trojan-Banker.Win32.Banker.akbm [Kaspersky Lab]	4
Trojan-Downloader.Win32.Banload.adjp [Kaspersky Lab]	4
W32/Rbot-AZL [Sophos]	4
W32/Sdbot.worm.gen.as [McAfee]	4
Win32/IRCBot.worm.167424.B [AhnLab]	4
Win-Trojan/Xema.variant [AhnLab]	4
Worm.Akbot.Gen [PC Tools]	4
Worm.RBot.DBI [PC Tools]	4
Infostealer.Bancos [Symantec]	3
Suspicious.MH690 [Symantec]	3
Trojan.Win32.Delf.ort [Kaspersky Lab]	3
Trojan-Downloader.Win32.Genome.rrd [Kaspersky Lab]	3
W32.IRCBot [Symantec]	3
Backdoor.Sdbot [Symantec]	2
Generic Dropper [McAfee]	2
Generic.dx!cp [McAfee]	2
Mal/Behav-233 [Sophos]	2
Mal/PWS-Fam [Sophos]	2
Trojan.Win32.Delf.osh [Kaspersky Lab]	2
Trojan-Banker.Win32.Banbra.pht [Kaspersky Lab]	2
Trojan-Banker.Win32.Banker.ambk [Kaspersky Lab]	2
TrojanSpy:Win32/Banker.GV [Microsoft]	2
Virus:Win32/Virut.AK [Microsoft]	2
W32/Rbot-Fam [Sophos]	2
W32/Rbot-Fam, W32/Rbot-Gen, Mal/Emogen-N, Mal/Behav-024, Mal/IRCBot-B, Mal/Emogen-Q [Sophos]	2
W32/Sdbot.worm [McAfee]	2
W32/Sdbot.worm.gen.x [McAfee]	2
Win-Trojan/Banker.406016.K [AhnLab]	2
Worm.RBot.Gen.14 [PC Tools]	2
WORM_SDBOT.CTJ [Trend Micro]	2
Backdoor.IRC.Bot [Symantec]	1
Backdoor.IRCBot!sd6 [PC Tools]	1
Backdoor.Mytobor.W [PC Tools]	1
Backdoor.Win32.Bifrose.asms [Kaspersky Lab]	1
Backdoor.Win32.Ciadoor.123 [Ikarus]	1
Backdoor.Win32.Ciadoor.13.ra [Kaspersky Lab]	1
Backdoor.Win32.Delf.akl [Kaspersky Lab]	1
Backdoor.Win32.Delf.qaa [Kaspersky Lab]	1
Backdoor.Win32.Delf.qfe [Kaspersky Lab]	1
Backdoor.Win32.IRCBot.az [Kaspersky Lab]	1
Backdoor.Win32.IRCBot.cqa [Kaspersky Lab]	1
Backdoor.Win32.Rbot.10 [Kaspersky Lab]	1
Backdoor.Win32.Rbot.accq [Kaspersky Lab]	1
Backdoor.Win32.Rbot.akm [Kaspersky Lab]	1
Backdoor.Win32.Rbot.pd [Kaspersky Lab]	1
Backdoor.Win32.Small.htr [Kaspersky Lab]	1
Backdoor.Wootbot.VG [PC Tools]	1
Backdoor:Win32/AXO.A [Microsoft]	1
Backdoor:Win32/IRCbot [Microsoft]	1
Backdoor:Win32/Novadoor.1_0 [Microsoft]	1
BackDoor-AWQ.b [McAfee]	1
BKDR_RBOT.10 [Trend Micro]	1
Downloader [Symantec]	1
Generic BackDoor!zr [McAfee]	1
Generic Downloader.c [McAfee]	1
Generic Packed [McAfee]	1
Generic.dx!eb [McAfee]	1
Mal/Banker-Fam [Sophos]	1
Mal/Behav-204 [Sophos]	1
Mal/EncPk-BA, Mal/EncPk-BU [Sophos]	1
Mal/EncPk-BU, Mal/Packer, Mal/EncPk-BA [Sophos]	1
Mal/GamePSW-B [Sophos]	1
Mal/ProcInj-Fam [Sophos]	1
Net-Worm.Win32.Kolab.ftw [Kaspersky Lab]	1
New Malware.dz [McAfee]	1

Backdoor.Win32.Rbot [Ikarus] has the following possible countries of origin:

Origin		Number of Incidents
	Brazil	85
	United Kingdom	9
	China	6
	Israel	6
	Iran	3
	France	2
	Germany	2
	Portugal	2
	Denmark	1
	Italy	1
	Poland	1

Backdoor.Win32.Rbot [Ikarus] is known to be created as:

%ProgramFiles%\atelier web\awft\awft.exe

%ProgramFiles%\atelier web\remote commander\awrckey.exe

%ProgramFiles%\exeem lite\client.dll

%ProgramFiles%\game_maker7\drxj.exe

%ProgramFiles%\glace\glace.exe

%ProgramFiles%\internet explorer\dll.exe

%ProgramFiles%\internet explorer\javawins.exe

%ProgramFiles%\internet explorer\killnet.exe

%ProgramFiles%\internet explorer\marte.exe

%ProgramFiles%\pscs\pssrv.exe

%System%\asn.exe

%System%\avasts.exe

%System%\botfile.exe

%System%\bypjfxk32.exe

%System%\ccrl.exe

%System%\cjpgauw.exe

%System%\cqdrrk.exe

%System%\deleta.exe

%System%\delete.exe

%System%\dllcache\prsc32.exe

%System%\down1086.exe

%System%\flammentos.exe

%System%\fnovavic23.exe

%System%\iccycua.exe

%System%\javaplugt.exe

%System%\micr0s0ft.exe

%System%\msni.exe

%System%\msnmess.exe

%System%\msnsky.exe

%System%\navprot1.exe

%System%\netsystem.exe

%System%\nnfgb.exe

%System%\nod64.exe

%System%\outcase.exe

%System%\outdoor.exe

%System%\p2pnetwork.exe

%System%\p4037f.exe

%System%\plscd.exe

%System%\programs\hotmail_account_sniffer.exe

%System%\programs\porn.exe

%System%\programs\porn_account_cracker.exe

%System%\programs\porn_account_hacker.exe

%System%\programs\yahoo_cracker.exe

%System%\programs\yahoo_hacker.exe

%System%\programs\yahoo_mail_cracker.exe

%System%\saidqad32.exe

%System%\svchost32.exe

%System%\svchosts.exe

%System%\taskhide.exe

%System%\uatbrld32.exe

%System%\ueprl.exe

%System%\update.exe

%System%\vydyzhf32.exe

%System%\willkill.exe

%System%\win32snd.exe

%System%\win7.exe

%System%\winiogon.exe

%System%\winupdate.exe

%System%\wixnmas32.exe

%System%\wkaz.exe

%System%\wkazqbn32.exe

%System%\wuamgrd.exe

%System%\wuamgrdx.exe

%System%\wuamguard.exe

%System%\xjzkpmx32.exe

%System%\xpnkvmh32.exe

%Temp%\11.exe

%Temp%\ixp000.tmp\lxrpmuzq.exe

%Temp%\ntlea_086_beta\ntlea.exe

%Temp%\rarsfx0\rstil.exe

%Windir%\anti.exe

%Windir%\gbplugin.exe

%Windir%\live.exe

%Windir%\ocxlist\suchost.exe

%Windir%\temp\r_bot.dll

%Windir%\windlivemsn.exe

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.