Troj/Liewar-A is a Trojan which pretends to detect spyware.
The Trojan may run any of a fixed list of files if they are not already running. The Trojan may also copy itself or certain files found on the machine to the Windows folder with different names.
Provided there is a file running called IAU.EXE (which the Trojan may start itself) after about two hours the Trojan displays a message box containing the following text:
"Microsoft Windows Alert
Spyware Detected on your PC. Remove it now?"
If the user selects YES, they are taken to a website which advertises spyware removal products.
W32/Rbot-SQ is a member of the W32/Rbot-Fam family of worms for the
Windows platform with backdoor functionality.
W32/Rbot-SQ targets weakly protected network shares and machines unpatched against known vulnerabilities.
The backdoor component connects to a predefined IRC server and waits for commands from a remote attacker.