Troj/Spybot-AM is an IRC backdoor Trojan which runs in the background as a service process and allows unauthorised remote access to the computer over a network.
The Trojan copies itself to the Windows system folder as UPDT32V4.EXE and adds entries to the registry to run itself on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Configuration update
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Configuration update
Troj/Spybot-AM then logs on to predefined IRC servers and waits for backdoor commands.
The Trojan also terminates the following processes:
REGEDIT.EXE
MSCONFIG.EXE
TASKMGR.EXE
NETSTAT.EXE.