W32/Rbot-QV is a network worm with backdoor functionality allowing an attacker remote access via IRC.
When run the worm attempts to create the following registry entries to auto-start on user logon or computer reboot:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
virtual
winit.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
virtual
winit.exe
The following registry entry is also created:
HKCU\Software\Microsoft\OLE
virtual
winit.exe