Wilders Security Forums  

November 13th, 2002, 09:46 AM
FanJ
Troj/Bdoor-AML ; Aliases: Trojan.PSW.Jeem

Name: Troj/Bdoor-AML
Aliases: Trojan.PSW.Jeem
Type: Trojan
Date: 13 November 2002



At the time of writing Sophos has received just one report of
this Trojan from the wild.

Description
Troj/Bdoor-AML is a backdoor Trojan which allows unauthorised remote access to the computer over a network.

The Trojan copies itself to the Windows system folder as MSREXE.EXE and adds an entry to the registry at

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

to run itself on system restart.

The Trojan creates the registry entry

HKLM\Software\CurrentControlSet\Services\Swartax\ImagePath =
"C:\<Windows system>\MSREXE.EXE".

and also creates several registry entries at

HKLM\Software\Microsoft\Windows\CurrentVersion\Welcome

Troj/Bdoor-AML attempts to use the affected computer as a proxy SMTP email server.

Troj/Bdoor-AML may be dropped by Troj/Dloader-BO.


More information about Troj/Bdoor-AML can be found at
http://www.sophos.com/virusinfo/analyses/trojbdooraml.html
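
An added example, not part of the original post or of the Sophos analysis: a triage check that parses the text of a registry export and flags the artefacts the description above names (the MSREXE.EXE Run entry, the Swartax service key and the Welcome key). The sample export and the Run value name "msrexe" are constructed for illustration.

```python
import re

# Key paths as given in the advisory, with HKLM spelled out as .reg exports do.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\Software\CurrentControlSet\Services\Swartax"
WELCOME_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Welcome"
DROPPED_FILE = "msrexe.exe"

# Constructed sample export; the Run value name "msrexe" is an assumption.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"msrexe"="C:\\WINDOWS\\System32\\MSREXE.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\CurrentControlSet\Services\Swartax]
"ImagePath"="C:\\WINDOWS\\System32\\MSREXE.EXE"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg text into {key: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # Undo the .reg escaping of backslashes and quotes.
            current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def find_indicators(text):
    """Return findings for the registry artefacts named in the advisory."""
    findings = []
    for path, values in parse_reg(text).items():
        if path.lower() == RUN_KEY.lower():
            for name, data in values.items():
                if DROPPED_FILE in data.lower():
                    findings.append(f"Run value {name!r} launches {data}")
        elif path.lower() == SERVICE_KEY.lower():
            image = next((d for n, d in values.items() if n.lower() == "imagepath"), "")
            findings.append(f"Swartax service key present, ImagePath={image}")
        elif path.lower() == WELCOME_KEY.lower():
            findings.append(f"Welcome key present ({len(values)} string values), review")
    return findings

if __name__ == "__main__":
    print("\n".join(find_indicators(SAMPLE)))
```

Files written by regedit's export are UTF-16, so read them with `open(path, encoding="utf-16").read()` before passing the text to `find_indicators`.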
All times are GMT -4.