Ryknos details

  • Description

    Ryknos is an IRC-controlled backdoor that gives the attacker unauthorized remote access to a compromised computer. The intruder can download and execute arbitrary files, retrieve system and network information, and send messages to specified remote hosts. The threat silently downloads another backdoor, Looksky.b, from the Internet and installs it. Ryknos uses the infamous First4DRM rootkit to cloak itself in the system. It is able to bypass Windows Firewall.

  • Exe

    $sys$drv.exebk.exe

  • Registry

    HKEY_CURRENT_USER[long string of random characters]$sys$drv=$sys$drv.exe