This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
~ 40.000 Bytes
- Saturday, June 28, 2008
Methods of propagation:
• Kaspersky: Backdoor.Win32.IRCBot.duc
• Eset: a variant of Win32/Injector.BB trojan
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Registry modification
• Third party control
Right after execution the following information is displayed:
It copies itself to the following location:
One of the following values is added in order to run the process after reboot:
• "Windows UDP Control Services"="wksvcsc.exe"
To deliver system information and to provide remote control it connects to the following IRC Server:
Server password: asd
– Furthermore it has the ability to perform actions such as:
• connect to IRC server
• Download file
• Edit registry
• Join IRC channel
• Leave IRC channel
• Updates itself
The malware program was written in MS Visual C++.
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.
Description inserted by Alexander Neth on Tuesday, July 1, 2008
Description updated by Alexander Neth on Tuesday, July 1, 2008
Get in touch
Questions? We are happy to help you.
1 800 403 7019
Start a chat
Send an email
Find a solution in our Avira Answers community
Send an email
Case Record Type