Recently, I posted a request to ask if anyone knew anything about a file called wuxat.exe. It installed itself in C:\Windows\System 32 and tried to connect to the Internet. I sent it to Sophos for examination, and this is their response:
Avg-pro.exe and wuxat~bat.exe are now detected as W32/Spybot-CA.
W32/Spybot-CA is a peer-to-peer worm and backdoor Trojan that copies itself into the Windows system folder as WUXAT.EXE using a random name and sets the following registry entries: