|Backdoor.IRC.Spybuzz is a backdoor Trojan horse that uses Internet Relay Chat networks as its backdoor channels.
Copies itself as %System%\Mirc32.exe.
Creates a thread that continuously monitors the registry.
Adds the value:
to the registry keys:
Creates a thread that logs key strokes and creates the file, %System%\keylog.txt, to store the keystrokes.
Connects to predefined set of IRC servers at port 6667 and waits for commands from the attacker.
Once the backdoor is established, the attacker could control the infected system.
Some of the actions the attacker can perform include:
- Downloading and executing files
- Launching Denial of Service attacks
- Stealing information
- Listing, stopping, and creating processes
- Controlling the file system and list, deleting, renaming, and creating files
Use antivirus (also check How To Remove section)Startup Optimizer to automatically remove this registry item.