This worm spreads through network shares. It uses NetBEUI functions to get any available lists of user names and passwords. It then searches for and lists down the following shared folders, where it drops a copy of itself by using the gathered information:
Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.
Identifying the Malware Program
To remove this malware, first identify the malware program.
Scan your system with your Trend Micro antivirus product.
Scan your system with Trend Micro antivirus and delete all files detected as WORM_RBOT.BO. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro�s free online virus scanner.
This malware exploits the following known vulnerability in Windows:
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
Download and install the following fix patch supplied by Microsoft: