A Bot, sometimes referred to as a Zombie, is a computer that has been infected with malware that gives a remote malicious user access to the computer. This Bot attempts to spread via MSN Messenger.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Upon execution this malware drops a copy of itself in the following directory:
Note: %windir% is typically C:\Windows
It also displays the following:
There is no picture; the message is false and is used as a decoy.
It creates an autostart function by adding the following registry keys:
It disables the Task Manager and the Registry Editor by setting the following:
This backdoor has keylogging capabilities and saves all the data to the following location:
Like many other typical Bots, it connects to a server on port 1863 and waits for a command from a remote hacker.
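A triage check for the port 1863 behaviour described above, as an added example that is not part of the original description: it reads `netstat -ano` style rows and reports established connections to remote port 1863 owned by any process other than an allowed Messenger client. The allowlist entry, the sample rows and the process names are constructed assumptions.

```python
import re

C2_PORT = 1863  # port named in the description above
# Assumption: image names of legitimate Messenger clients allowed to use the port.
ALLOWED_IMAGES = {"msnmsgr.exe"}

# Constructed sample rows in `netstat -ano` layout (documentation-range addresses).
SAMPLE_NETSTAT = """\
  TCP    192.0.2.10:1041    198.51.100.7:1863    ESTABLISHED    1320
  TCP    192.0.2.10:1055    203.0.113.44:1863    ESTABLISHED    2884
  TCP    192.0.2.10:1060    203.0.113.80:80      ESTABLISHED    2884
  TCP    192.0.2.10:1863    0.0.0.0:0            LISTENING      640
  TCP    192.0.2.10:1071    203.0.113.44:1863    TIME_WAIT      0
"""
# Constructed PID -> image map, as could be built from `tasklist` output.
SAMPLE_PROCESSES = {1320: "msnmsgr.exe", 2884: "svch0st.exe", 640: "lsass.exe"}

ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_]+)\s+(?P<pid>\d+)\s*$"
)

def remote_port(endpoint):
    """Return the port of an 'addr:port' endpoint (also handles '[v6]:port')."""
    return int(endpoint.rpartition(":")[2])

def suspicious_connections(netstat_text, processes, port=C2_PORT, allowed=ALLOWED_IMAGES):
    """List established outbound connections to `port` from non-allowlisted images."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # Only live sessions matter: skip listeners, TIME_WAIT and non-TCP rows.
        if not m or m["state"] != "ESTABLISHED":
            continue
        if remote_port(m["remote"]) != port:
            continue
        pid = int(m["pid"])
        # A PID missing from the process map is reported, not silently trusted.
        image = processes.get(pid, "<unknown>")
        if image.lower() not in allowed:
            findings.append({"pid": pid, "image": image, "remote": m["remote"]})
    return findings

if __name__ == "__main__":
    for f in suspicious_connections(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print(f"PID {f['pid']} ({f['image']}) -> {f['remote']}")
```

A hit is a lead for further investigation of the owning process, not proof of infection.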
IRCBot attempts to connect to the following site:
This Bot has the following commands: