|W32/Rbot-DK is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
It spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element.
Copies itself to the Windows system folder as NDRIVES32.EXE.
Creates entries at the following locations in the registry:
W32/Rbot-DK may set the following registry entries:
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = "N"
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = "1"
Also, may try to delete the C$, D$, E$, IPC$ and ADMIN$ network shares on the host computer.
Drops 3 files to the current folder called EXPIORER.EXE, ADMDLL.DLL and RADDRV.DLL, all of which appear to be legitimate remote server applications.
Use antivirus (also check How To Remove section)Startup Optimizer to remove this worm from startup.