Threat Encyclopedia

Short description
Win32/IRCBot.AGP is an IRC-controlled backdoor.

Installation
When executed, the backdoor copies itself to the %windir% folder using the following name:

winrofl32.exe (64000 B)

In order to be executed on every system start, the backdoor sets the following Registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control Center" = "winrofl32.exe"

 

The backdoor displays a fake error message:

[Image: screenshot of the fake error message]



Spreading via IM networks

The backdoor sends links to users of AIM (AOL Instant Messenger), AOL Triton, and MSN Messenger.

If the link is clicked, a copy of the backdoor is retrieved from the Internet.


Other information

Win32/IRCBot.AGP is an IRC-controlled backdoor. It receives data and commands from a remote computer or the Internet.

The backdoor connects to the following address:

zenaz.dalnetirc.net

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • update itself to a newer version
  • spread via IM networks

The backdoor may create copies of itself using the following filenames:

%windir%\winrofl32.exe_ (64000 B)
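
A read-only host check for the indicators listed above (the Run value, the two file names with their 64000 B size, and the contacted address). This is an added example, not part of the original write-up. The WOW6432Node Run key and the DNS cache lookup are assumptions that go beyond what the page states, and all variable names are illustrative.

```powershell
# Added example: read-only check for the Win32/IRCBot.AGP indicators on this page.
$valueName = 'Windows UDP Control Center'
$fileNames = 'winrofl32.exe', 'winrofl32.exe_'
$fileSize  = 64000
$c2Host    = 'zenaz.dalnetirc.net'
# Run key named on the page, plus its 32-bit view on 64-bit Windows
# (assumption: the page does not mention the WOW6432Node path).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

$findings = @()

foreach ($key in $runKeys) {
    $run = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $run) { continue }
    foreach ($p in $run.PSObject.Properties) {
        # Match on the value name or on data that references the dropped file.
        if ($p.Name -eq $valueName -or "$($p.Value)" -match 'winrofl32\.exe') {
            $findings += [pscustomobject]@{
                Indicator = 'Run entry'; Location = $key
                Detail    = "$($p.Name) = $($p.Value)" }
        }
    }
}

foreach ($name in $fileNames) {
    $path = Join-Path $env:windir $name
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $match = if ($item.Length -eq $fileSize) { 'matches' } else { 'differs from' }
        $findings += [pscustomobject]@{
            Indicator = 'Dropped file'; Location = $path
            Detail    = "$($item.Length) B, $match the $fileSize B on the page" }
    }
}

# Assumption: a cached lookup of the contacted host is a useful extra signal;
# this needs the DnsClient module (Windows 8 / Server 2012 and later).
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    foreach ($e in @(Get-DnsClientCache -Entry $c2Host -ErrorAction SilentlyContinue)) {
        $findings += [pscustomobject]@{
            Indicator = 'DNS cache'; Location = $e.Entry; Detail = "resolved to $($e.Data)" }
    }
}

if ($findings) { $findings | Format-List } else {
    Write-Output 'No Win32/IRCBot.AGP indicators from this page were found.' }
```

A file-name hit whose size differs from 64000 B may be a different build or an unrelated file, so treat it as a lead to verify rather than a confirmed detection.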