This Trojan horse is a self-extracting package that installs a program to
attack IRC clients. The Trojan then installs to the system the Serv-U FTP
server in a configuration that shares a C: drive on the victim PC for full access.
The Trojan also registers a Serv-U FTP server in the WIN.INI file in the auto-run
Because of a bug, the Trojan works only when Windows is installed in the
C:WINDOWS directory. The Trojan also does not work under WinNT and
To remove the FTP server from the computer, it is necessary to remove the
“load=closew” from the [windows] section in the WIN.INI file and to delete the