W32/IRCBot-XN is an IRC backdoor worm for the Windows platform.
When first run W32/IRCBot-XN copies itself to <System>\msnfix.exe and creates the file <System>\syspoints.dll.
The following registry entry is created to run code exported by {1002A855-3682-4FB3-B0FC-677B30CFEED5} on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Version1
{1002A855-3682-4FB3-B0FC-677B30CFEED5}
The file syspoints.dll is registered as a COM object, creating registry entries under:
HKCR\CLSID\{1002A855-3682-4FB3-B0FC-677B30CFEED5}