W32/Rbot-BB is a member of the W32/RBot family of worms with backdoor
capabilities.
In order to run automatically when Windows starts up the worm copies
itself to the file video_32sD.exe in the Windows system folder and adds the
following registry entries pointing to this file:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
NVIDIA Video drivers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
NVIDIA Video drivers
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
NVIDIA Video drivers
When run the worm attempts to connect to a remote IRC server. This connection
is used as a control channel that allows a malicious user access to the
infected computer.