Troj/Rbot-XV is an IRC backdoor Trojan for the Windows platform.
The Trojan copies itself to a file named wmplayer.exe in the Windows system folder and creates the following registry entries:
HKCU\Software\Microsoft\OLE
Windows Media Player
"wmplayer.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Media Player
"wmplayer.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Windows Media Player
"wmplayer.exe"
Troj/Rbot-XV can be controlled by a remote attacker over IRC channels. The Trojan can be instructed by a remote user to perform the following functions:
upload, download and execute arbitrary files
start a remote shell