W32/Rbot-JG is a member of the W32/Rbot family of internet worms with backdoor components.
Sophos anti-virus products since version 3.84 have been capable of detecting W32/Rbot-JG as W32/Rbot-Fam/Gen without requiring an update.
In order to run automatically when Windows starts up, the worm copies itself to the file sp1update.exe in the Windows system folder and adds the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SP1-Update
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\SP1-Update
The worm connects to a remote IRC server. This connection enables a malicious user to remotely control an infected machine.
W32/Rbot-JG also creates the registry entry:
HKCU\Software\Microsoft\OLE\SP1-Update = "sp1update.exe".
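As an added example (not part of the Sophos description), this Python sketch scans the text of a registry export for the three SP1-Update entries listed above. It assumes the export is in .reg text format and has already been decoded to a string; the function name scan_reg_export and the sample export are constructed for illustration.

```python
import re

# Persistence locations named in the advisory: (key path, value name).
INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", "SP1-Update"),
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices", "SP1-Update"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\OLE", "SP1-Update"),
]
WANTED = {(k.lower(), v.lower()) for k, v in INDICATORS}  # registry names are case-insensitive

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

def scan_reg_export(text):
    """Return a list of (key, value name, data) for each advisory indicator found."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")          # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if m and key and (key.lower(), m.group("name").lower()) in WANTED:
            hits.append((key, m.group("name"), m.group("data").strip('"')))
    return hits

# Constructed sample export (assumption: not captured from a real host).
# The value data under the two Run keys is illustrative; the advisory gives only the names.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="C:\\Program Files\\Example\\app.exe"
"SP1-Update"="sp1update.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"sp1-update"="sp1update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"SP1-Update"="sp1update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SP1-Update-Helper"="notepad.exe"
'''

if __name__ == "__main__":
    for key, name, data in scan_reg_export(SAMPLE_EXPORT):
        print(f"{key}\\{name} = {data}")
```

A hit on any of the three entries is a reason to also check the Windows system folder for sp1update.exe, as described above.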