W32/Spybot-BM is a peer-to-peer worm and backdoor Trojan that copies itself into the Windows system folder using a random name and sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Winsock2 driver
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winsock2 driver
W32/Spybot-BM creates the folder kazaabackupfiles in the Windows system folder and copies itself there using various filenames.
The worm also sets the following registry entry to point to this folder:
HKCU\Software\Kazaa\LocalContent\Dir0
W32/Spybot-BM terminates regedit.exe, taskmgr.exe, msconfig.exe and netstat.exe. The worm also logs on to a predefined IRC server to wait for backdoor commands.