W32/IRCBot-YJ is a backdoor IRC worm that allows a remote intruder to gain access to and control over the computer.
W32/IRCBot-YJ includes functionality to:
- communicate with a remote server via HTTP
- communicate and accept commands via IRC
- download, install and run new software
When first run, W32/IRCBot-YJ copies itself to <System>\rckit.exe and creates the following files:
- <Root>\gfccx.exe
- <Root>\sp2.exe
The following registry entry is created to run rckit.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LTCISI
<System>\rckit.exe
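
A host check for the artifacts listed above, as an added example that is not part of the original description. It assumes <System> is the Windows system directory and <Root> is the root of the system drive, reads LTCISI as the Run value name with <System>\rckit.exe as its data, and also looks in the 32-bit (SysWOW64 / Wow6432Node) locations that a 32-bit process is redirected to on 64-bit Windows.

```powershell
# Added example: look for the W32/IRCBot-YJ artifacts named in this description.
# Assumptions: <System> = Windows system directory, <Root> = root of the system drive.
$sysDirs = @([Environment]::SystemDirectory,
             (Join-Path $env:SystemRoot 'SysWOW64'))   # 32-bit view on 64-bit Windows
$rootDir = "$env:SystemDrive\"

$candidates  = @($sysDirs | ForEach-Object { Join-Path $_ 'rckit.exe' })
$candidates += @('gfccx.exe', 'sp2.exe' | ForEach-Object { Join-Path $rootDir $_ })

# Dropped files: -Force so hidden/system files are also returned.
$findings = @(foreach ($path in $candidates) {
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($file) {
        [pscustomobject]@{
            Type     = 'File'
            Location = $file.FullName
            Detail   = 'SHA256 ' + (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
})

# Startup entry: flag the value name from the description, or any Run value
# whose data points at rckit.exe (the value name could differ between samples).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$findings += @(foreach ($key in $runKeys) {
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        $data = [string]$k.GetValue($name)
        if ($name -eq 'LTCISI' -or $data -match '\\rckit\.exe') {
            [pscustomobject]@{ Type = 'RunValue'; Location = "$key\$name"; Detail = $data }
        }
    }
})

if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No artifacts from this description were found on this host.'
}
```

The file checks match on name and location only, so treat a hit as a lead to confirm against your anti-virus verdict or the reported hash rather than as proof of infection.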