Troj/IRCBot-XD is a Trojan for the Windows platform.
When first run Troj/IRCBot-XD copies itself to <System>\libcinet.exe and creates the file <System>\libwinets.dll. This file is also detected as Troj/IRCBot-XD. The Trojan also creates the file egos.txt, where information taken from the clipboard and from the keylogging component is stored. This file may be safely deleted.
The following registry entry is created to run code exported by a random CLSID linked to the file libwinets.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
printers
<random CLSID>
The file libwinets.dll is registered as a COM object, creating registry entries under:
HKCR\CLSID\<random CLSID>