Threat Information for "Win32.IRC.Bot"
Summary
- Name: Win32.IRC.Bot
- Aliases: Worm/Rbot.196070, W32/Sdbot.QRO, Win32:Rbot-AMU, IRC/BackDoor.SdBot2.YZ, Backdoor.Rbot.AEM, Backdoor.Rbot.aem
- Date Discovered: 2006-08-15
- Protection Added: 2006-08-24
Description
-- Ease of Removal
1: Uses running processes
2: Consistent file contents
3: Consistently named
4: Creates new registry entries with consistent data
-- Privacy Risks/Security Changes
1: Transmits personal data to remote computers
2: Logs browsing habits and visited websites
-- Damage/Intrusion/Annoyance
1: Changes browser home page
2: Autoruns at startup without an option to be disabled
-- Propagation/Saturation
1: Spreads through Internet Relay Chat (IRC) [VIRUS ONLY]
2: Creates new files
3: Mimics legitimate file names
Technical Details
- Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe MD5: 6585d491f16cc6729716d45274da46be
- Added Directory/File:
FilePath: %WINDIR%\update\updmgr.exe MD5: 12339bf137e41d83f85027062d2b5a0a
- Added Directory/File:
FilePath: %ROOTDRIVE%*.exe MD5: 12339bf137e41d83f85027062d2b5a0a
- Added Directory/File:
FilePath: %SYSTEMDIR%\firewall.exe MD5: 6585d491f16cc6729716d45274da46be
- Added Registry Key:
Key: HKLM\SOFTWARE\Tmp
- Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: Microsoft (R) Windows Update Manager
- Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: Local Security Authority Service
- Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: Windows Network Firewall
- Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %WINDIR%\update\updmgr.exe
- Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\firewall.exe

