Troj/Bdoor-AML ; Aliases: Trojan.PSW.Jeem

Discussion in 'malware problems & news' started by FanJ, Nov 13, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: Troj/Bdoor-AML
    Aliases: Trojan.PSW.Jeem
    Type: Trojan
    Date: 13 November 2002

    At the time of writing Sophos has received just one report of
    this Trojan from the wild.

    Troj/Bdoor-AML is a backdoor Trojan which allows unauthorised remote access to the computer over a network.

    The Trojan copies itself to the Windows system folder as MSREXE.EXE and adds an entry to the registry at


    to run itself on system restart.

    The Trojan creates the registry entry

    HKLM\Software\CurrentControlSet\Services\Swartax\ImagePath =
    "C:\<Windows system>\MSREXE.EXE".

    and also creates several registry entries at


    Troj/Bdoor-AML attempts to use the affected computer as a proxy SMTP email server.

    Troj/Bdoor-AML may be dropped by Troj/Dloader-BO.

    More information about Troj/Bdoor-AML can be found at
Thread Status:
Not open for further replies.