W32/IRCBot.Awp.Backdoor is a Trojan that will infect Windows systems.

The Trojan will arrive as a dropped file of another malware or may be downloaded from the Internet.

Upon execution, it drops as WinUpdater.exe in the Windows System folder.


It modifies the registry at the following location to ensure its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

More information can be found at this Proland Software page.