Hkey Local Machine Software Microsoft Windows Currentversion Run

1. What is the Trojan.IRCBot

Trojan.IRCBot is a malicious backdoor Trojan that uses the popular IRC (Internet chat related) program, which causes many problems of unwanted computer.

The Trojan may open a backdoor on your computer that allow a remote attacker to use Internet Relay Chat (IRC) to remotely control the system, send the worm to other IRC channels, update the Trojan, download and run other malicious programs on your PC, perform Denial of Service (DoS) attacks against a specific target and send spam email using your Internet connection from your computer.

This worm uses the network-both known attacks to replicate across vulnerable networks. In order to replicate itself across the network, you can Trojan.IRCBot.Gen commonly used TCP ports used by some other worms: 135 139 445 or 593. This capability makes it a real threat to enterprise networks and servers. Using it as a backdoor, a remote attacker could endanger confidential business data.

The most common ways of becoming infected with this worm are of three types:

* By visiting warez sites,
* Download pirated software from P2P networks,
* Or by opening an attachment to infected emails.

2. How to detect Trojan.IRCBot SaX2

Please update basic knowledge of politics sax2 in time, we need to add some policies sax2 to detect Trojan.IRCBot once sax2 detects the IRCBot Trojan attempts to connect to the host remote connection will be interrupted immediately to ensure the network and business security.

3. How to manually remove the Trojan

* Files associated with infection Trojan.IRCBot:
svchost.exe
1clickpcfix.exe
takod.exe
WindowsLive.exe
System32.exe
egun.exe

* Trojan.IRCBot processes to kill:
svchost.exe
1clickpcfix.exe
takod.exe
WindowsLive.exe
System32.exe
egun.exe

* Delete the Trojan registry entries:
Svchost HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun 1 Click PC Fix - 3.5
Akodo HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ Windows \ CurrentVersion \ Run \ svchost
HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ Windows \ CurrentVersion \ Run \ 1 Click PC Fix - 3.5
HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ Takoda
HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ Windows \ CurrentVersion \ Run \ Windows Live
HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ Windows \ CurrentVersion \ Run \ System32 Windows monitor
HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ Windows \ CurrentVersion \ Run \ Windows System Guard