W32/IRCbot-ADE

Category: Viruses and Spyware
Protection available since: 29 Nov 2008 08:52:11 (GMT)
Type: Win32 worm
Last Updated: 29 Nov 2008 08:52:11 (GMT)
Prevalence: Small Number of Reports

W32/IRCbot-ADE is a worm with IRC backdoor functionality for the Windows platform.

W32/IRCbot-ADE runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run W32/IRCbot-ADE copies itself under a number of file names to the folder <Program Files>\KaZaA\My Shared Folder\ and creates the file <Temp>\pqyrrul.dll. This file is also detected as W32/IRCbot-ADE.

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
<Root>\DOCUME~1\sara\LOCALS~1\Temp\pqyrrul.dll
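
A triage check for the AppInit_DLLs value shown above, added here as an example and not taken from the original write-up. It splits the value into its entries and flags DLLs loaded from temp or user-profile directories, including the 8.3 short-name form used on this page. The reason labels, the directory heuristics and the assumption that <Root> is C: are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Heuristic directory names chosen for this example (not a vendor rule).
TEMP_DIRS = {"temp", "tmp"}
PROFILE_DIRS = {"users"}
# Entries are space-delimited, so "Documents and Settings" can only appear
# as its 8.3 alias, as in the value listed on this page.
PROFILE_SHORT_PREFIX = "docume~"


def split_appinit(value):
    """Split an AppInit_DLLs value; entries are space- or comma-delimited."""
    return [entry for entry in re.split(r"[ ,]+", value.strip()) if entry]


def triage_entry(path):
    """Return the reasons one AppInit_DLLs entry deserves a closer look."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    dirs = parts[:-1]  # every component except the DLL file name
    reasons = []
    if any(d in TEMP_DIRS for d in dirs):
        reasons.append("temp-directory")
    if any(d in PROFILE_DIRS or d.startswith(PROFILE_SHORT_PREFIX) for d in dirs):
        reasons.append("user-profile")
    return reasons


def triage_appinit(value):
    """Map each entry of an AppInit_DLLs value to its list of reasons."""
    return [(entry, triage_entry(entry)) for entry in split_appinit(value)]


# Constructed sample: the page's value with <Root> assumed to be C:, plus a
# made-up System32 entry for contrast.
SAMPLE = (r"C:\DOCUME~1\sara\LOCALS~1\Temp\pqyrrul.dll, "
          r"C:\Windows\System32\example.dll")

if __name__ == "__main__":
    for entry, reasons in triage_appinit(SAMPLE):
        print(entry, "->", ", ".join(reasons) or "no flags")
```
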
