Win32/Esbot

Detected by Microsoft Defender Antivirus

Aliases: W32/IRCbot.gen (McAfee) Esbot (Symantec) BKDR_RBOT (Trend Micro) W32/Backdoor.EUR (F-secure) Esbot (Sophos) Win32.Esbot (CA)

Summary

Windows Defender Antivirus detects and removes this threat.

Worm:Win32/Esbot is a family of network worms that targets Microsoft Windows 2000 computers by exploiting the Windows Plug-and-Play buffer overflow vulnerability that is fixed with Microsoft Security Bulletin MS05-039. The worm can also infect computers running other Windows operating systems if it is delivered through e-mail, instant messaging, or other routes. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

Use the following free Microsoft software to detect and remove this threat:

Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
Microsoft Safety Scanner

You should also run a full scan. A full scan might find hidden malware.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Win32/Esbot

Summary

What to do now

Get more help

Technical information

Threat behavior

Prevention

Symptoms