Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Low to medium
- Tuesday, December 9, 2008
Methods of propagation:
• Autorun feature
• Mcafee: W32/Sdbot.worm virus
• Bitdefender: Backdoor.IRCBot.ACZV
• Eset: Win32/AutoRun.IRCBot.GF
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Third party control
• Drops malicious files
• Registry modification
It copies itself to the following locations:
The following file is created:
\autorun.inf This is a non malicious text file with the following content:
%code that runs malware%
It tries to executes the following file:
The following registry key is added in order to run the process after reboot:
• "Clsid Service"="clsidsrv.exe"
It is spreading via Messenger. The characteristics are described below:
– Windows Live Messenger
The URL then refers to a copy of the described malware. If the user downloads and executes this file the infection process will start again.
To deliver system information and to provide remote control it connects to the following IRC Server:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
Description inserted by Petre Galan on Wednesday, August 11, 2010
Description updated by Petre Galan on Wednesday, August 11, 2010