Presence of digiwet.dll in %windir%\system32
Presence of wiaservim.log in %windir%
Please let BitDefender disinfect your files.
Balazs Biro, jr. virus researcher
The backdoor copies itself to %windir%\system32\digiwet.dll, changing the extension and executable type to DLL, and registers the copy to start with Windows using the registry key:
After this, it launches svchost.exe and overwrites the image of svchost.exe in memory with its payload, which does the following:
It creates a file named wiaservim.log in %windir%, probably to record its activity. It connects to 18.104.22.168, downloads and executes a couple of files from there, and then reports back to the same IP.
The downloaded executables belong to the Backdoor.IRCBot family. With their help the compromised computer can be controlled remotely using IRC (Internet Relay Chat).
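A triage check for the indicators listed above (the two files and the contacted address), added here as an example and not part of the original write-up. It assumes the Windows directory may be a forensic image mounted on a case-sensitive file system and that connection data comes from saved `netstat -ano` output; the function names and the sample netstat text are constructed for illustration.

```python
import os

# Indicators taken from the description above; paths are relative to %windir%.
FILE_IOCS = ["system32/digiwet.dll", "wiaservim.log"]
C2_ADDRESS = "18.104.22.168"

# Constructed sample of `netstat -ano` output, for illustration only.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1043      18.104.22.168:80       ESTABLISHED     1184
  TCP    192.168.1.20:1050      192.168.1.1:445        ESTABLISHED     4
"""

def find_ci(root, relpath):
    """Resolve relpath under root case-insensitively. NTFS names ignore case,
    but an image mounted on Linux does not, so match each component by hand."""
    current = root
    for part in relpath.split("/"):
        try:
            entries = os.listdir(current)
        except OSError:
            return None  # missing directory, or a file where a directory was expected
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def file_hits(windir):
    """Return the paths of file indicators present under the Windows directory."""
    return [p for p in (find_ci(windir, rel) for rel in FILE_IOCS) if p]

def network_hits(netstat_text, address=C2_ADDRESS):
    """Return netstat lines whose remote host equals the reported address."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Columns: Proto, Local Address, Foreign Address, [State], PID
        if len(fields) >= 3 and fields[0].upper() in ("TCP", "UDP"):
            host = fields[2].rsplit(":", 1)[0]
            if host == address:  # exact match, so 218.104.22.168 is not a hit
                hits.append(line.strip())
    return hits

if __name__ == "__main__":
    windir = os.environ.get("windir", r"C:\Windows")
    for hit in file_hits(windir) + network_hits(SAMPLE_NETSTAT):
        print("indicator:", hit)
```

A file hit alone is enough to justify a full scan of the host; the PID column on a network hit identifies the process to examine, which on an infected machine would be expected to be the overwritten svchost.exe.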