Remove w32 Trojan downloader IRC Bot also known as Trojan downloader small, Win32/Hooker, Haxspy, FURootkit and CodBot
Summary
Win32/IRCbot is a large family of backdoor Trojans that targets computers running Microsoft Windows. The Trojan drops other malicious software and opens a backdoor on the infected computer to connect to IRC servers. The Trojan can maintain multiple IRC server connections simultaneously to receive commands from attackers.
Symptoms
There are no readily apparent indications of infection by Win32/IRCbot. The name of the Trojan file copy and corresponding registry settings may differ according to the particular variant of Win32/IRCbot.
Technical Information
Win32/IRCbot takes the following actions:
Creates a copy of itself on the infected computer. The location and name of the dropped file vary. The Trojan also adds a value and data to an autostart registry key such as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that the Trojan runs automatically each time Windows starts. For example, one particular variant of Win32/IRCbot creates a copy of itself at %windir%\mwoffice.exe and adds the value "Windows Update Controller" with data "%windir%\mwoffice.exe" to this autostart registry key.
Drops other malicious software, such as variants of:
Win32/Rbot
Win32/Sdbot
TrojanDownloader:Win32/Small
TrojanProxy:Win32/Ranky
TrojanSpy:Win32/Haxspy
Trojan:Win32/Hooker
Worm:Win32/Codbot
WinNT/FURootkit
Opens a backdoor in order to connect to certain IRC servers. The Trojan then joins specified IRC channels to receive attacker commands to perform operations such as the following:
Download and run other malicious software
Release information, such as system information and directory and file listings
Conduct denial of service attacks
Like other Trojans, Win32/IRCbot does not have its own spreading mechanism. It can be distributed in numerous ways, for example, through e-mail attachments, peer-to-peer file-sharing networks, network shares, IRC server channels, or internet file downloads.
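The autostart entry described under Technical Information can be checked for during triage. The following is an added example, not part of the original write-up: it parses the text output of `reg query` for the Run key and flags values whose executable sits directly in the Windows root, generalizing from the single %windir%\mwoffice.exe example above. The sample output, the allowlist and the function names are assumptions made for illustration; because variant names and locations differ, a clean result does not rule out infection.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the autostart key named above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Windows Update Controller    REG_SZ    %windir%\mwoffice.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    Shell Helper    REG_SZ    C:\WINDOWS\explorer.exe
"""

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
ENV_VAR = re.compile(r"%(windir|systemroot)%", re.IGNORECASE)
# Assumption: a short allowlist of binaries that normally live in the Windows root.
KNOWN_ROOT_BINARIES = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe"}


def parse_run_values(text):
    """Return (name, type, data) tuples from `reg query` text output."""
    return [m.group("name", "type", "data")
            for m in map(VALUE_LINE.match, text.splitlines()) if m]


def command_to_exe(data, windir=r"C:\Windows"):
    """Expand %windir%/%SystemRoot%, then strip quotes and arguments."""
    cmd = ENV_VAR.sub(lambda _: windir, data.strip())
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted command line: keep everything up to the first ".exe".
        m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
        exe = m.group(1) if m else cmd.split(" ", 1)[0]
    return ntpath.normpath(exe)


def suspicious_run_entries(text, windir=r"C:\Windows"):
    """Flag Run values that launch a non-allowlisted file from the Windows root."""
    root = ntpath.normcase(ntpath.normpath(windir))
    hits = []
    for name, _type, data in parse_run_values(text):
        exe = command_to_exe(data, windir)
        in_root = ntpath.normcase(ntpath.dirname(exe)) == root
        if in_root and ntpath.basename(exe).lower() not in KNOWN_ROOT_BINARIES:
            hits.append((name, exe))
    return hits
```

On a live system the input would be the saved output of `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"`; any hit is a lead for manual review, not a verdict.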
This malicious software can be removed using the Microsoft Malicious Software Removal Tool.