|W32.IRCBot.D is a backdoor trojan horse that connects to a remote IRC server and awaits commands from the attacker.
Attempts to steal license keys for various games.
Allows unauthorized remote access to an infected computer.
Attempts to remove the following shares on the local drive: c$; d$; IPC$; admin$
Attempts to connect to the IRC server metal.electrogiant.com on TCP port 5599.
Joins a predefined channel, using a random username, and waits for commands from the IRC server.
These commands can allow the attacker to:
- Managing installation of back door.
- Transmitting the back door to designated IRC channels.
- Downloading and executing arbitrary files.
- Performing DoS attacks against attacker specified targets.
- Send out private information.
- Terminating arbitrary processes.
- Visiting websites.
- Start socks proxy service.
- Copying itself to shared folders on other machines.
- Steal license keys for different games
Navigate to each of these keys:
From each key that is found, delete the value: "Win32 USB2.0 Driver" = "386.exe"
Still have a problem? Ask for help at our discussion forum.