MOR: A quick gooogle came up with this ..... The file name is in bold for clarity.
W32/Rbot-M is a worm which attempts to spread to remote network shares.
W32/Rbot-M contains backdoor Trojan functionality, allowing unauthorised
remote access to the infected computer via IRC channels while running in the
background as a service process.
W32/Rbot-M spreads to network shares with weak passwords as a result of the
backdoor Trojan element receiving the appropriate command from a remote user.
When W32/Rbot-M is run it copies itself to the Windows system folder with the
filename
wuam.exe and deletes the original copy if that filename was wuam.exe.
In order to run automatically when Windows starts up W32/Rbot-M creates the
following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update Time=wuam.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Update Time=wuam.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update Time=wuam.exe.
W32/Rbot-M attempts to contact the host babe.thekiller
Go
HERE for removal info.