A Bot, sometimes referred to as a Zombie, is a computer that has been infected with malware that gives a remote malicious user access to the computer. This Bot attempts to spread via MSN Messenger.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
Upon execution this malware drops a copy of itself in the following directory:
Note: %windir% is typically C:\Windows
It also displays the following:
There is no picture; the message is false and is used as a decoy.
It creates an autostart function by adding the following registry keys:
It disables the Task Manager and the Registry Editor by setting the following:
This backdoor has keylogging capabilities and saves all the data to the following location:
Like many other typical Bots, it connects to a server on port 1863 and waits for a command from a remote hacker.
IRCBot attempts to connect to the following site:
This Bot has the following commands: