ThreatExpert's Statistics for W32.IRCBot.Gen [Symantec]:

W32.IRCBot.Gen [Symantec] is also known as:

Threat Alias	Number of Incidents
BackDoor-AVW [McAfee]	37,454
BKDR_AVW.A [Trend Micro]	27,750
Backdoor.Prorat [Symantec]	20,310
Backdoor.ProRAT.K [PC Tools]	15,540
Troj/Prorat-19 [Sophos]	14,208
Backdoor.Win32.Prorat.19.aep [Kaspersky Lab]	13,986
Backdoor:Win32/Prorat.I [Microsoft]	13,764
Backdoor.Win32.Prorat [Ikarus]	12,578
Backdoor.Win32.Prorat.19.i [Kaspersky Lab]	12,543
Backdoor.Prorat!sd5 [PC Tools]	10,323
Backdoor.Win32.Prorat.ae [Kaspersky Lab]	9,703
Backdoor.ProRat [PC Tools]	9,174
Win-Trojan/Prorat.36864 [AhnLab]	7,770
Troj/Prorat-AZ [Sophos]	5,017
Backdoor:Win32/Prorat [Microsoft]	4,884
BKDR_Generic [Trend Micro]	3,366
Win-Trojan/Prorat.36864.B [AhnLab]	2,509
BKDR_PRORAT.BL [Trend Micro]	1,254
PWCrack-PassView [McAfee]	681
Application.StoragePass_Viewer [PC Tools]	576
not-a-virus:PSWTool.Win32.PassView.bj [Kaspersky Lab]	462
not-a-virus.PSWTool.PassView [Ikarus]	416
HackTool:Win32/Passview [Microsoft]	408
Win32/IRCBot.worm.variant [AhnLab]	335
Hacktool.PStorRevealer [Symantec]	144
not-a-virus:PSWTool.Win32.PassView.162 [Kaspersky Lab]	133
Hacktool.PassReminder [Symantec]	93
Worm:Win32/Pushbot.gen [Microsoft]	88
not-a-virus:PSWTool.Win32.PassView.b [Kaspersky Lab]	86
New Malware.b [McAfee]	80
PWS:Win32/Passview [Microsoft]	79
Trojan.IRCBot [PC Tools]	77
Trojan-Dropper.Delf [Ikarus]	77
Win32/IRCBot.worm.Gen [AhnLab]	77
Backdoor.Win32.IRCBot.gen [Kaspersky Lab]	74
W32/Sdbot.worm.gen.a [McAfee]	65
Troj/Agent-GMF [Sophos]	63
BackDoor-CZP.dr [McAfee]	62
Backdoor.Win32.Turkojan.r [Kaspersky Lab]	61
Generic QHosts.a.gen [McAfee]	57
Backdoor.Win32.IRCBot [Ikarus]	49
Trojan.Win32.Qhost.cm [Kaspersky Lab]	46
Win-Trojan/Turkojan.307712 [AhnLab]	39
Worm.Sdbot.ETU [PC Tools]	36
Virus.Win32.IRCBot.BSX [Ikarus]	34
Backdoor.Win32.SdBot.asy [Kaspersky Lab]	32
Backdoor:Win32/Turkojan.AI [Microsoft]	29
Trojan.QHosts.AA [PC Tools]	29
Worm:Win32/Pushbot.gen!C [Microsoft]	28
Virus.Win32.IRCBot [Ikarus]	27
Backdoor.Turkojan.Gen [PC Tools]	23
Mal/SillyFDC-A, Mal/IRCBot-B, Mal/IRCBot-C [Sophos]	23
Backdoor.Turkojan.il [PC Tools]	21
Exploit-DcomRpc.gen [McAfee]	21
Mal/Generic-A [Sophos]	21
Worm.Win32.Pushbot [Ikarus]	19
Mal/Emogen-U [Sophos]	18
W32/Sdbot.worm [McAfee]	18
Backdoor:Win32/Gaertob.A [Microsoft]	17
Generic BackDoor [McAfee]	17
Win-Trojan/Icqsmiley.52736 [AhnLab]	17
Backdoor.IRCBot!sd6 [PC Tools]	16
Mal/SillyFDC-A, Mal/Behav-150 [Sophos]	16
W32/Generic.b.worm [McAfee]	16
Generic.dx [McAfee]	14
not-a-virus:PSWTool.Win32.PassView.bs [Kaspersky Lab]	13
Trojan.Win32.Regrun.fzu [Kaspersky Lab]	13
Worm:Win32/Neeris.gen!C [Microsoft]	13
Backdoor:Win32/Poebot.gen [Microsoft]	12
Mal/SillyFDC-A, Mal/IRCBot-B [Sophos]	12
Backdoor.Win32.SdBot [Ikarus]	11
Trojan.QHosts.G [PC Tools]	11
Trojan:Win32/Qhost.gen!D [Microsoft]	10
Backdoor.Win32.Nepoe.em [Kaspersky Lab]	9
Backdoor.Win32.SdBot.feq [Kaspersky Lab]	9
Virus:Win32/Swog.gen [Microsoft]	9
Win-Trojan/Xema.variant [AhnLab]	9
Backdoor.Win32.SdBot.dzk [Kaspersky Lab]	8
Mal/Behav-285 [Sophos]	8
Downloader.Delphi [Ikarus]	7
Mal/IRCBot-B [Sophos]	7
Mal/SillyFDC-A, Mal/Emogen-Y, Mal/IRCBot-B [Sophos]	7
Backdoor.Delf.WDD [PC Tools]	6
Backdoor.Win32.Delf.axb [Kaspersky Lab]	6
Backdoor.Win32.PoeBot.C [Ikarus]	6
Backdoor.Win32.VanBot.ax [Kaspersky Lab]	6
Mal/TinyDL-T, Mal/Delf-P [Sophos]	6
Win32/Mytob.worm.69632.C [AhnLab]	6
Worm.IRCBot.UXP [PC Tools]	6
Backdoor.Win32.IRCBot.auf [Kaspersky Lab]	5
Backdoor.Win32.IRCBot.dry [Kaspersky Lab]	5
Backdoor:Win32/Poebot.BG [Microsoft]	5
Backdoor:Win32/Rbot.gen [Microsoft]	5
Mal/IRCBot-B, Mal/SillyFDC-A [Sophos]	5
Mal/SillyFDC-A [Sophos]	5
Worm.Win32.AutoRun.fbr [Kaspersky Lab]	5
WORM_SDBOT.GAV [Trend Micro]	5
Backdoor.Win32.EggDrop.au [Kaspersky Lab]	4
Backdoor.Win32.Omega.a [Ikarus]	4
Backdoor.Win32.Rbot.gen [Kaspersky Lab]	4

W32.IRCBot.Gen [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	Israel	32
	Brazil	13
	Germany	3
	Russian Federation	3
	China	2
	France	2
	Denmark	1
	Netherlands	1
	Turkey	1

W32.IRCBot.Gen [Symantec] is known to be created as:

%AppData%\imbot.exe

%AppData%\msmgr.exe

%AppData%\srvchost.exe

%CommonAppData%\defender.exe

%DownloadedProgramFiles%\appmgmd.exe

%FontsDir%\msnmsgn.exe

%MyDocuments%\my music\86805.exe

%MyDocuments%\my music\99062.exe

%ProgramFiles%\catolag.exe

%ProgramFiles%\dfsdfsd\ps2m.exe

%ProgramFiles%\killsh\ps2m.exe

%ProgramFiles%\kjhkjhjk\ps2m.exe

%System%\algs.exe

%System%\botbinary.exe

%System%\csrs.exe

%System%\dk\lam5.exe

%System%\drive\lam5.exe

%System%\drivers\ntndis.exe

%System%\explorer.exe

%System%\firewall.exe

%System%\fservice.exe

%System%\guezzoun.scr

%System%\hpdrv.exe

%System%\ie.exe

%System%\iexplore.exe

%System%\ifgpxerns.exe

%System%\imbot.exe

%System%\isass.exe

%System%\lcass.exe

%System%\logon.exe

%System%\lssas.exe

%System%\mscidaemon.com

%System%\mscidaemon.exe

%System%\msconfig.exe

%System%\mssenger.exe

%System%\nvctrays.exe

%System%\oobe\pspv.exe

%System%\passstealerv3_5.exe

%System%\ps2m.exe

%System%\psme2.exe

%System%\pspv\pspv.exe

%System%\pwnageasda.exe

%System%\rar.exe

%System%\reginv.dll

%System%\scrgrd.exe

%System%\scvhosting.exe

%System%\server.exe

%System%\service.exe

%System%\smsc.exe

%System%\spooisv.exe

%System%\spoolsvc.exe

%System%\ssms.exe

%System%\sysservice.exe

%System%\system dr\psme.exe

%System%\systry.exe

%System%\torrent.exe

%System%\ttt\lam5.exe

%System%\type32.exe

%System%\updater.exe

%System%\usbthief\usbthief\batexe\pspv.exe

%System%\webcenter\pspv.exe

%System%\winamp.exe

%System%\wininit32.exe

%System%\winiogon.exe

%System%\winis.exe

%System%\winlogin23.exe

%System%\wuamgrd.exe

%System%\wupdate.exe

%System%\wupdated.exe

%Temp%\0gmzofm.exe

%Temp%\19.doc.exe

%Temp%\480045.exe

%Temp%\bot.exe

%Temp%\cryptedfile.exe

%Temp%\decrypted.exe

%Temp%\explorer.exe

%Temp%\flashthief\arhack.tk\12.exe

%Temp%\imbot.exe

%Temp%\ixp001.tmp\server.exe

%Temp%\liym.exe

%Temp%\lovaka\protectstpass.exe

%Temp%\lupen-pen-drive\pspv.exe

%Temp%\octomom.exe

%Temp%\out.exe

%Temp%\pspv.exe

%Temp%\server.exe

%Temp%\svchost.exe

%Temp%\switchblade-siliv-1-3-0-1\wip\cmd\pspv.exe

%Temp%\tada.exe

%Temp%\temp.exe

%Temp%\traffic-bot.exe

%Temp%\ufosmbriog.exe

%UserProfile%\setup.exe

%Windir%\68159.exe

%Windir%\antivirus.exe

%Windir%\apocalyps32.exe

%Windir%\cacheuninstall\protectstpass.exe

%Windir%\csrs.exe

%Windir%\ctfm.exe

%Windir%\dnsquery.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%DownloadedProgramFiles% is a variable that refers to the file system directory containing downloaded program files. A typical path is C:\Windows\Downloaded Program Files.
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.