W32/Poebot-F is a network worm and IRC backdoor Trojan.
W32/Poebot-F may spread to remote network shares protected by weak passwords and computers vulnerable to common exploits, including RPC-DCOM (MS04-012), LSASS (MS04-011) and WebDAV (MS03-007).
W32/Poebot-F contains backdoor Trojan functionality allowing unauthorized remote access to infected computers via IRC channels while running in the background. The worm may also steal Internet Explorer and email passwords from users of the infected computer.
W32/Poebot-F copies itself to the Windows system folder as "defragfatx.exe" and creates the following registry entry to run itself automatically at computer logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows DLL Loader
C:\WINDOWS\system32\defragfatx.exe
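
A triage check for the persistence entry described above, as an added example that is not part of the original write-up: it parses saved `reg query` output for the HKLM Run key and flags entries that match the value name or the file name given here. The four-space column layout of the `reg query` output, the sample text and the function names are assumptions of this example.

```python
import re

# Indicators from the description above.
IOC_VALUE_NAME = "windows dll loader"
IOC_FILE_NAME = "defragfatx.exe"

# Assumed layout of a `reg query` data line: name, type and data, each preceded by four spaces.
_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Return (value_name, data) pairs from saved `reg query` output."""
    matches = (_LINE.match(line) for line in text.splitlines())
    return [(m.group("name"), m.group("data").strip()) for m in matches if m]

def executable_name(data):
    """Lower-cased file name of the program a Run entry launches."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, arguments follow
        path = data[1:].split('"', 1)[0]
    else:                                         # unquoted path may contain spaces
        m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return re.split(r"[\\/]", path)[-1].lower()

def find_poebot_f(text):
    """Flag Run entries matching either indicator; each hit lists why it matched."""
    hits = []
    for name, data in parse_reg_query(text):
        reasons = []
        if name.strip().lower() == IOC_VALUE_NAME:
            reasons.append("value name")
        if executable_name(data) == IOC_FILE_NAME:
            reasons.append("file name")
        if reasons:
            hits.append((name, data, reasons))
    return hits

# Constructed sample output, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Windows DLL Loader    REG_SZ    C:\WINDOWS\system32\defragfatx.exe
    Updater    REG_SZ    "c:\windows\System32\DEFRAGFATX.EXE" -s
"""

if __name__ == "__main__":
    for name, data, reasons in find_poebot_f(SAMPLE):
        print(f"{name!r} -> {data} (matched: {', '.join(reasons)})")
```

A hit on only one of the two indicators is a lead to verify on the host, not confirmation of infection.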