IRCbot Virus Description
IRCbot is a backdoor file that is controlled by IRC and it provides that attacker with unauthorized remote access to the computer that is compromised. Here the attacker will exercise his control over the compromised computer and will be able to install further malware or spam. This is a PE executable file, is about 8kB long, is patched up with PE_Patch and packed with MEW file compressor.
IRCbot Malware Installation
The common installation methods involve security or system exploitation and some of the unsuspecting users executing the unknown programs manually. The distribution channels include hacked or malicious WebPages, email, IRC (Internet Relay Chat), P2P networks etc.
Characteristics of the IRCbot Computer Virus
After execution, IRCbot will drop a cop of bot into the current user’s temp directory that is logged in. It also drops the non-malicious files, which is part of its installation routine and adds values to registry in order to start itself automatically when Windows starts.
How IRCbot Malware Works
When the backdoor file is activated on the computer, then it copies the file to Windows Systems as MOUSEBM.EXE and later starts the file copied as service named as “Mouse Button Monitor”. IRCbot will enable the system to maintain the synchronization with PS/2 pointing device. Disabling or stopping of this service will lead system instability.
Symptoms of the IRCbot Computer Virus
It connects to some websites and downloads further malicious files. It will add itself to in-built windows firewall application list in order to hide the network traffic that is suspicious on the machine that is infected via registry key.
Removal of the W32.IRCbot Computer Virus From Your Computer
The W32.IRCbot Computer Virus is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal.
Click here for automatic removal instructions for removing the W32.IRCbot Computer Virus.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
