This is Trend Micro�s detection for the batch file components of the IRC malware package IRC_SERVU.A. The malware package uses legitimate programs to perform its malicious tasks. The malware turns an infected machine into an FTP server, allowing a remote malicious user to access its file system.
BAT_SERVU.A is composed of the following files:
PASS.BAT, PASS1.BAT AND PASS2.BAT � batch files that create the configuration file for SERV-U FTP server (SERV-U.INI).
PASS3.BAT � used for restarting the Serv-U FTP server (RMTCFG.EXE).
FTP.BAT - batch file used to connect to the hacker�s FTP server to obtain updates for the malware.
NOBIOS.BAT � removes these shares: C$, ADMIN$, and IPC$.
TrendMicro is working to provide a more complete description of this malware.