Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:04/12/2007
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low to medium
Damage Potential:Medium
Static file:Yes
File size:54.784 Bytes
MD5 checksum:912120e91ae736239fd4902f7d0d5751
IVDF version:

 General Aliases:
   •  Mcafee: W32/
   •  Panda: W32/Ircbot.CKA
   •  Eset: Win32/IRCBot.AMC

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops malicious files
   • Registry modification
   • Third party control

 Files It copies itself to the following location:
   • %SYSDIR%\dllcache.exe

It deletes the initially executed copy of itself.

 Registry One of the following values is added in order to run the process after reboot:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "netmon"="%SYSDIR%\dllcache.exe"

 IRC To deliver system information and to provide remote control it connects to the following IRC Server:

Server: 75.150.1**********.2**********
Port: 4545
Channel: #ninjas
Nickname: [00-USA-XP-%number%]

Description inserted by Petre Galan on Thursday, February 18, 2010
Description updated by Petre Galan on Thursday, February 18, 2010

Back . . . .