by ?
Packed with EXE32Pack
Backdoor.Win32.Rbot.gen: dropped file: c:\WINNT\system32\wkssvrs.exe size: 105.408 bytes port: 113 TCP startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Updates" data: wkssvrs.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Updates" data: wkssvrs.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Microsoft Updates" data: wkssvrs.exe Does (try to) connect to an IRC server tested on Win2000MegaSecurity