Computer threads and malicious software description



Aliases: Backdoor:W32/IRCBot.GNS; Backdoor.Win32.IRCBot.dig; Backdoor:W32/IRCBot.GNS; Worm/IrcBot.96950; Worm:Win32/Pushbot.EA

Category: Malware

Parameters: Size: 96950; Type: Backdoor; Platform: W32

Short description

W32/IRCBot.GNS is a Trojan horse with a backdoor inside.

Backdoors are programs which allows of remote hacker to access the infected system and to executes commands.

Long description

W32/IRCBot.GNS comes in the system as dropped by other malware.

When started it creates own copy in:


Note: %windir% is Windows folder, usually C:\Windows\

It creates entry point in the registry.

The malware tries to connect with the following IRC server and to join in the channel #pBot:[removed]/TCP

The The presence of outgoing traffic to that address is the presence of symptoms of infection.

It creates the following records in the registry:

MSN = C:\Windows\mservice.exe

Creates also the following file:


W32/IRCBot.GNS activities are:

  • DDoS to certain IP;
  • downloads and starts files;
  • spreading by MSN and AIM protocols;
  • sets IE to remember passwords on the infected system;
  • self-updating