W32/IRCBot-TG

Category: Viruses and Spyware Protection available since:18 Dec 2006 00:00:00 (GMT)
Type: Win32 worm Last Updated:18 Dec 2006 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/IRCBot-TG is a worm with backdoor functionality which allows a remote intruder to gain access and control over the computer.

W32/IRCBot-TG spreads to other network computers through pooly secured netword shares. The worm runs continously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run, W32/IRCBot-TG copies itself to <System>\arman.exe.

The following registry entry is created to run the worm on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Arman
<path of worm executable>

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy