Threat Encyclopedia

Win32/Ftirca.A

Aliases: Trojan.Spy.Gen (McAfee-GW-Edition), W32/IRCBot-based!Maximus (F-Prot), DLOADER.IRC.Trojan (Dr.Web)
Type of infiltration: Trojan
Size: 143872 B
Affected platforms: Microsoft Windows
Signature database version: 4989 (20100331)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan connects to the following addresses:
  • irc.rinet.ru
  • ftp.narod.ru
The IRC and FTP protocols are used.

It can execute the following operations:
  • download files from a remote computer and/or the Internet
  • send files to a remote computer
  • run executable files
The trojan may set the following Registry entries:
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "svchost" = "%malwarepath%"
This way the trojan ensures that the file is executed on every system start.

The trojan may create the following files:
  • %temp%\wsu32.dat
  • %temp%\from.bin
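
A host check for the artifacts listed in this entry, as an added example that is not part of the original description. The function name and output shape are illustrative, and it assumes that %temp% refers to the current user's temporary folder and that the check runs in the affected user's session.

```powershell
# Added example: looks for the registry value, files and host names named in this entry.
function Test-FtircaIndicators {
    [CmdletBinding()]
    param(
        [string]$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string]$TempDir = $env:TEMP   # assumption: %temp% is the current user's temp folder
    )
    $findings = @()

    # Persistence: a Run value named "svchost". The genuine svchost.exe is started by
    # the Service Control Manager, not from a Run key, so any such value is worth a look.
    $run = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
    if ($run -and ($run.PSObject.Properties.Name -contains 'svchost')) {
        $findings += [pscustomobject]@{
            Indicator = 'Run value "svchost"'
            Detail    = [string]$run.svchost
        }
    }

    # Files the entry says the trojan may create.
    foreach ($name in 'wsu32.dat', 'from.bin') {
        $path = Join-Path $TempDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            $findings += [pscustomobject]@{
                Indicator = "File $name"
                Detail    = "$path ($($item.Length) bytes, modified $($item.LastWriteTime))"
            }
        }
    }

    # Recent name lookups for the two hosts in the entry. Both are public services,
    # so a hit is context for the findings above, not proof of infection.
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        $hosts = 'irc.rinet.ru', 'ftp.narod.ru'
        Get-DnsClientCache -ErrorAction SilentlyContinue |
            Where-Object { $hosts -contains $_.Entry } |
            Select-Object -ExpandProperty Entry -Unique |
            ForEach-Object {
                $findings += [pscustomobject]@{ Indicator = 'DNS cache entry'; Detail = $_ }
            }
    }

    $findings
}

Test-FtircaIndicators | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed artifacts were found for this user; the Run value and the two files should be checked per user profile on shared machines.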