Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Another round of bots for MSRT

10 Feb 2011   #1

Win 7 Ultimate 64-bit. SP1.
Another round of bots for MSRT


This month we add another bot to the MSRT family list – Win32/Cycbot. Cycbot was discovered in August 2010 and has quickly become prevalent.

It seems that Cycbot’s creators called it “Gbot”, as it used this name as an identifier in the reports it would send back to its controllers. Recent variants of the malware have stopped using this identifier, possibly in an attempt to make detection more difficult, but the functionality hasn’t changed much. All of Cycbot’s communications are done using HTTP, including the retrieval of backdoor commands. As a backdoor, it’s functionality is limited to capabilities like updating itself and downloading and running other malware; we’ve seen it download Rogue:Win32/FakePAV in the past. Its main purpose, however, is more subtle.

Cycbot sets itself up as an HTTP proxy for any machine it affects. It does this by listening on a TCP port such as 54141 (this number varies), and then changing the browser’s proxy settings to point to this port on the local host. It can do this for Internet Explorer, Firefox and Opera.
Another round of bots for MSRT - Microsoft Malware Protection Center - Site Home - TechNet Blogs

My System SpecsSystem Spec


 Another round of bots for MSRT

Thread Tools

Similar help and support threads
Thread Forum
Concerned about bots
Recently I have received numerous calls from someone claiming to be from the Windows Support Team. I have always hung up on them because I suspected they were phishing. However, the last call said that my PC was being taken over and used as a bot. Has anyone else been receiving these calls?
General Discussion
MSRT August - Lecpetex
Source: MSRT August - Lecpetex - Microsoft Malware Protection Center - Site Home - TechNet Blogs See also:
Security News
MSRT October ’11: EyeStye
Source A Guy
Security News
A Second MSRT Release in April
Source A Guy
Security News
This one comes from a drive-by download with the domain hosted in Moldova. The fake tool may install on your system as “Protection System”. Complete report with images at Malware Diaries » Blog Archive » MSRT Not!
System Security
Bots, bots, and again bots.
Source - Microsoft Malware Protection Center
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 16:29.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App