Threat Database Backdoors Backdoor.Win32.IRCBot

Backdoor.Win32.IRCBot

By GoldSparrow in Backdoors

Threat Scorecard

Ranking: 16,203
Threat Level: 80 % (High)
Infected Computers: 1,013
First Seen: July 24, 2009
Last Seen: September 15, 2023
OS(es) Affected: Windows

Backdoor.IRCBot is a backdoor Trojan that spreads through a network using the MS06-040 vulnerability. By attempting to connect through IRC, Backdoor.IRCBot may receive commands from a remote host computer. From here, Backdoor.IRCBot may be instructed to log all keystrokes that you type, launch Denial of Service (DoS) attacks, send spam emails, or steal personal information data in order to commit identity theft.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AVG Dropper.Generic4.CMOF
Fortinet W32/IRCBot.ADAK!tr.bdr
Ikarus Virus.Win32.CeeInject
Kaspersky Backdoor.Win32.IRCBot.adak
Avast Win32:Dropper-FIT [Drp]
NOD32 a variant of Win32/Injector.KPI
McAfee Artemis!6A8AE0AE0049
AVG Generic29.XXC
AntiVir BDS/IRCBot.A.1035
DrWeb BackDoor.IRC.Bot.1894
Kaspersky Trojan.Win32.Jorik.IRCbot.qun
Avast Win32:IRCBot-EXC [Trj]
McAfee Artemis!598CBECBE830
CAT-QuickHeal Trojan.Jorik.IRCbot.qun
AVG Generic29.QGJ

SpyHunter Detects & Remove Backdoor.Win32.IRCBot

File System Details

Backdoor.Win32.IRCBot may create the following file(s):
# File Name MD5 Detections
1. svchost.exe 72a21eebae8f038084683813a34e83e3 125
2. winsvn.exe 71a1825688da9fbc6e497e0777003564 106
3. wmptv64.exe 3355861fed3b47ae8ac1882f3ab9f951 20
4. wmpdt64.exe 405a24410753538d16f65176fbe32898 13
5. wmiapsrv.exe 52b460939a1f74659363e6473ce5826f 10
6. jusched.exe 4d500e24525d32d18fe6f4c5604f822b 8
7. igfxht64.exe 598cbecbe8303f6810e2a45c94f7af53 8
8. wmpsx64.exe 27c977ec531488a06df33fdbdb19b04f 8
9. wgl23.exe 2d3d361fd06c262aa904e969b6ca31e0 6
10. wmpld64.exe bf98543d86b4c4a6e84c92ef403890f4 6
11. csrssr.exe 6a8ae0ae004930b45cb5d1f34d705fbe 6
12. jusched.exe d9c8110b2b7f3c9b3a0330b546b0cbef 5
13. wmpvt32.exe 19b27007c0b6b0a46e4bf5614117ea7c 5
14. wmpsh64.exe f6cbe63b37e9bdadc24b200d11df3e24 4
15. igfxhk64.exe bba2367cf10aa0caf3b465ddbeb97c76 4
16. xanga.exe 5db6f6352450b63c94e8fa14463e3313 3
17. irc.exe b9b5c85394a508f20c95f080545e516d 3
18. igfxper32.exe eba1c86285046e369dae00b659ac7800 2
19. Rundls32.exe 0aeca0ad26264d0b1051e6dff88d1ded 2
20. hidserv.exe 86004a56381bdac241461b6aeb9c1497 2
21. igfxbr64.exe f4209b19a87743db0e9e5d2269a9b4f6 2
22. svchosts.exe c68822bee0a9091abb64a1e20fba238a 2
23. igfxper32.exe c04100a83026f5ee5fa0f2dd0611d1e7 1
24. dhiwwr.exe 54473907bb7bbc240e32062f8b53f676 1
25. file.exe b34bed528edcd1db24fa017e6dc6a0d0 0
More files

Registry Details

Backdoor.Win32.IRCBot may create the following registry entry or registry entries:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SvcHosts32
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32

Related Posts

Trending

Most Viewed

Loading...