Skip to main content
Microsoft Security Intelligence
Published Nov 25, 2008 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: Win32/IRCBot.worm.Gen (AhnLab) Win32/IRCBot!generic (CA) WIN.IRC.WORM.Virus (Dr.Web) Exploit-DcomRpc.gen (McAfee) Mal/IRCBot-B (Sophos) Purple Exploit (other)


Backdoor:Win32/IRCbot.BH is a generic detection for a backdoor trojan that connects to an IRC server to receive commands from an attacker. This trojan contains code that exploits vulnerable Windows computers that have not applied Security Bulletin MS08-067.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner ( For more information, see
Follow us