Rbot - scrtkfg.exe and icp.exe

Sunday, April 17, 2005
Author: freddie_farnakle

This appears to be a variant of Richard's ciscv.exe/icp.exe reported March 30. Does exactly the same things... scrtkfg.exe thrashes about trying to contact http.pr3d.us over port 5001 again with multiple IPs while icp.exe hogs 99% of CPU time.

I submitted files to VET and got this reply today:


The Windows PE (I386,EXE) file "scrtkfg.exe" has been determined to be malicious.

Aliases reported by other Antivirus products are listed here:
(W32/Spybot.JDT) (Backdoor.Win32.Rbot.gen) (W32.Spybot.Worm)

CA antivirus products address this malware as follows:
Vet Anti-Virus 10.6x
We will inform you by email ASAP when we have a signature update available providing detection


http://www.antisource.com/article.php/rbot-scrtkfg-icp
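
The following Python example is added here and is not from the original post or from VET/CA. It scans connection-log records for the indicators the post names (scrtkfg.exe, icp.exe, http.pr3d.us, port 5001) and marks any process that reaches that host on that port through several IP addresses. The CSV log layout, the process name svch0st.exe and all sample records (documentation-range IPs) are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Indicators taken from the post.
BAD_NAMES = {"scrtkfg.exe", "icp.exe"}
BAD_HOST = "http.pr3d.us"
BAD_PORT = 5001

# Constructed sample log (assumed layout: time,machine,process,host,ip,port).
# IP addresses are from documentation ranges, not real observations.
SAMPLE_LOG = """\
2005-04-17T10:00:01,PC-07,scrtkfg.exe,http.pr3d.us,192.0.2.10,5001
2005-04-17T10:00:03,PC-07,scrtkfg.exe,http.pr3d.us,192.0.2.44,5001
2005-04-17T10:00:06,PC-07,SCRTKFG.EXE,http.pr3d.us,198.51.100.7,5001
2005-04-17T10:01:00,PC-07,iexplore.exe,www.example.com,203.0.113.5,80
2005-04-17T10:02:00,PC-12,svch0st.exe,HTTP.PR3D.US.,192.0.2.10,5001
2005-04-17T10:03:00,PC-12,backup.exe,files.example.net,203.0.113.9,5001
"""

def scan(log_text, min_ips=2):
    """Return {(machine, process): {"reasons": set, "ips": set}} for suspicious rows."""
    hits = defaultdict(lambda: {"reasons": set(), "ips": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6 or not row[5].strip().isdigit():
            continue  # skip malformed records rather than crash
        _, machine, proc, host, ip, port = (f.strip() for f in row)
        # Normalise case and a trailing DNS root dot before comparing.
        proc, host = proc.lower(), host.lower().rstrip(".")
        reasons = set()
        if proc in BAD_NAMES:
            reasons.add("file name")
        if host == BAD_HOST:
            reasons.add("host")
        if reasons:
            entry = hits[(machine, proc)]
            entry["reasons"] |= reasons
            if host == BAD_HOST and int(port) == BAD_PORT:
                entry["ips"].add(ip)
    # Same host on port 5001 via several addresses matches the post's description.
    for entry in hits.values():
        if len(entry["ips"]) >= min_ips:
            entry["reasons"].add("multiple IPs on port 5001")
    return dict(hits)

if __name__ == "__main__":
    for (machine, proc), e in sorted(scan(SAMPLE_LOG).items()):
        print(machine, proc, sorted(e["reasons"]), sorted(e["ips"]))
```

Matching on the host and port as well as the file name matters because the post describes this sample as a renamed variant of an earlier one, so the executable name alone is a weak indicator.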