Win32/Pejaybot, Pejaybot, Win32/Pejaybot.A
Category: Computer Worm
Some parts of Asia, Europe, North and South America, Africa and Australia
14 Jan 2005
W32.Pejaybot was discovered on January 14, 2005. This is a worm that propagates through file-sharing networks and opens a back door by connecting to an IRC server. It mostly affects Windows 2000, 95, 98, Me, NT, Server 2003 and XP.
W32.Pejaybot Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Pejaybot from your computer.
More details about W32.Pejaybot
Once W32.Pejaybot is executed, it performs several actions to spread its infection. First, it opens a back door by connecting to an IRC server or channel on the IP address 188.8.131.52, using TCP port 8126. Then, it listens for unauthorized commands from a remote attacker, commonly called a hacker. The commands vary depending on the motive of the attacker. The worm may steal sensitive information, delete files, corrupt system drives and more. The worm places a copy of itself in the My Shared Folder or Program Files on drives C:, D: and d:. Once the worm has copied itself, it propagates via file-sharing networks.
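The back door connection described above can be hunted for in firewall connection logs. The following is an added example, not part of the original write-up: it scans log text in the space-separated layout of the Windows Firewall log (with a `#Fields:` header) for TCP connections to port 8126. The log lines are constructed sample data, and the names `find_hits`, `parse` and `SAMPLE_LOG` are hypothetical.

```python
# Added example: flag connections that match the IRC back door endpoint
# named in the description (IP and port are taken from the write-up).
C2_IP = "188.8.131.52"
C2_PORT = 8126

# Constructed sample log lines in Windows Firewall log layout (not real traffic).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2005-01-14 10:02:11 ALLOW TCP 192.168.1.20 188.8.131.52 1045 8126 48
2005-01-14 10:02:15 ALLOW TCP 192.168.1.20 192.0.2.10 1046 80 48
2005-01-14 10:03:40 ALLOW TCP 192.168.1.21 198.51.100.7 1101 8126 48
2005-01-14 10:04:02 DROP UDP 192.168.1.20 192.0.2.53 1050 53 60
"""

def parse(log_text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_hits(log_text):
    """Return (src-ip, dst-ip, level) for TCP connections to the back door port.

    level is "high" when the destination is the address from the write-up,
    "review" when only the port matches (the server address may differ).
    """
    hits = []
    for rec in parse(log_text):
        if rec.get("protocol") != "TCP":
            continue
        try:
            port = int(rec.get("dst-port", ""))
        except ValueError:
            continue                          # non-numeric port column
        if port == C2_PORT:
            level = "high" if rec.get("dst-ip") == C2_IP else "review"
            hits.append((rec["src-ip"], rec["dst-ip"], level))
    return hits

if __name__ == "__main__":
    for src, dst, level in find_hits(SAMPLE_LOG):
        print(f"{level}: {src} -> {dst}:{C2_PORT}")
```

A host reported here is a candidate for isolation and a scan; a port-only match needs confirmation because other software can use the same port.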
W32.Pejaybot also attempts to download and install files on your computer without the user's consent. It is specifically designed to act as a downloader, fetching code and other malicious programs without the user's knowledge. Upon execution, W32.Pejaybot copies itself into a different Windows folder with the same file name and extension. Afterwards, it starts itself from that Windows folder. A temporary file is then handled in a deletion loop: the worm checks whether the file exists and keeps erasing it until the file has been completely deleted from your system.