W32.Pejaybot


Aliases: Win32/Pejaybot, Pejaybot, Win32/Pejaybot.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 14 Jan 2005
Damage: Low

Characteristics: W32.Pejaybot was discovered on January 14, 2005. This is a worm that propagates through file-sharing networks and opens a back door by connecting to an IRC server. It mostly affects Windows 2000, 95, 98, Me, NT, Server 2003 and XP.

More details about W32.Pejaybot

Once W32.Pejaybot is executed, it performs several actions to spread its infection. First, it opens a back door by connecting to an IRC server or channel on the IP address 72.20.25.205, using TCP port 8126. It then listens for unauthorized commands from a remote attacker, commonly called a hacker. The commands vary depending on the attacker's motive: the worm may steal sensitive information, delete files, corrupt system drives and more. The worm places a copy of itself in the My Shared Folder or Program Files on drives C:, D: and d:. Once it has copied itself, it propagates via file-sharing networks.

W32.Pejaybot also attempts to download and install files on the computer without the user's consent. It is designed to act as a downloader, fetching code and other malicious programs without the user's knowledge. Upon execution, W32.Pejaybot copies itself into a different Windows folder with the same file name and extension. Afterwards, it starts itself from that Windows folder. A temporary file is handled in a deletion loop: the worm checks whether the file exists and keeps trying to erase it until it has been completely deleted from the system.
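
The back door connection described above gives defenders a concrete network indicator. The following is an added detection example, not part of the original write-up: it scans a firewall log for TCP traffic to 72.20.25.205 on port 8126 and reports which internal hosts reached it. The log layout (Windows Firewall `pfirewall.log` style with a reduced column set), the internal addresses and the function name are assumptions, and the sample log is constructed.

```python
# Added example: flag hosts contacting the W32.Pejaybot IRC endpoint named on this page.
from collections import defaultdict

C2_IP, C2_PORT = "72.20.25.205", "8126"  # endpoint given in the write-up

# Constructed sample in Windows Firewall log layout (subset of columns); not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2005-01-15 09:12:01 ALLOW TCP 192.168.1.23 72.20.25.205 1045 8126 48
2005-01-15 09:12:04 ALLOW TCP 192.168.1.23 10.0.0.5 1046 80 60
2005-01-15 09:13:30 DROP TCP 192.168.1.40 72.20.25.205 1101 8126 48
2005-01-15 09:14:02 ALLOW UDP 192.168.1.40 72.20.25.205 1102 8126 70
2005-01-15 09:15:10 ALLOW TCP 192.168.1.23 72.20.25.205 1047 8126 48
truncated line
"""

def find_c2_contacts(log_text):
    """Return {src_ip: {"ALLOW": n, "DROP": n}} for TCP traffic to the C2 endpoint."""
    fields = []
    hits = defaultdict(lambda: {"ALLOW": 0, "DROP": 0})
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # column order comes from the header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) < len(fields):
            continue  # skip malformed or truncated records
        rec = dict(zip(fields, parts))
        if (rec.get("protocol") == "TCP" and rec.get("dst-ip") == C2_IP
                and rec.get("dst-port") == C2_PORT
                and rec.get("action") in ("ALLOW", "DROP")):
            hits[rec["src-ip"]][rec["action"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, counts in sorted(find_c2_contacts(SAMPLE_LOG).items()):
        # ALLOW means the back door channel may have been established from this host
        state = "connected" if counts["ALLOW"] else "blocked"
        print(f"{host}: {state} allowed={counts['ALLOW']} dropped={counts['DROP']}")
```

A host with allowed connections should be treated as potentially under remote control and checked for the worm's copies in My Shared Folder and Program Files.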