A Bot, sometimes referred to as a Zombie, is a computer that has been infected with malware that gives a remote malicious user access to the computer. This Bot attempts to spread via MSN Messenger.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Upon execution this malware drops a copy of itself in the following directory:
Note: %windir% is typically C:\Windows
It also displays the following:
There is no picture; the message is false and is used as a decoy.
It creates an autostart function by adding the following registry keys:
It disables the Task Manager and the Registry Editor by setting the following:
This backdoor has keylogging capabilities and saves all the data to the following location:
Like many other typical Bots, it connects to a server on port 1863 and waits for a command from a remote hacker.
IRCBot attempts to connect to the following site:
This Bot has the following commands: