Troj/Bdoor-AML ; Aliases: Trojan.PSW.Jeem

Discussion in 'malware problems & news' started by FanJ, Nov 13, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: Troj/Bdoor-AML
    Aliases: Trojan.PSW.Jeem
    Type: Trojan
    Date: 13 November 2002



    At the time of writing Sophos has received just one report of
    this Trojan from the wild.

    Description
    Troj/Bdoor-AML is a backdoor Trojan which allows unauthorised remote access to the computer over a network.

    The Trojan copies itself to the Windows system folder as MSREXE.EXE and adds an entry to the registry at

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    to run itself on system restart.

    The Trojan creates the registry entry

    HKLM\Software\CurrentControlSet\Services\Swartax\ImagePath =
    "C:\<Windows system>\MSREXE.EXE".

    and also creates several registry entries at

    HKLM\Software\Microsoft\Windows\CurrentVersion\Welcome

    Troj/Bdoor-AML attempts to use the affected computer as a proxy SMTP email server.

    Troj/Bdoor-AML may be dropped by Troj/Dloader-BO.


    More information about Troj/Bdoor-AML can be found at
    http://www.sophos.com/virusinfo/analyses/trojbdooraml.html
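
Added example, not part of the original post or of Sophos's analysis: a Python check that scans the text of a registry export for the three registry indicators listed above. The sample export and its Run value names are constructed, and matching the Swartax key by suffix is an assumption made here.

```python
import re

# Indicators as listed in the post, lower-cased for case-insensitive matching.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
WELCOME_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\welcome"
SERVICE_SUFFIX = r"\services\swartax"  # suffix match, so the hive prefix may differ (assumption)
DROPPED_FILE = "msrexe.exe"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse regedit export text into {lower-cased key: {value name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            name, data = m.group(1).strip('"'), m.group(2)
            if data.startswith('"'):  # REG_SZ: drop the quotes, unescape backslashes
                data = data[1:-1].replace("\\\\", "\\")
            current[name] = data
    return keys

def find_indicators(text):
    """Return (indicator, key, detail) tuples for the indicators named in the post."""
    findings = []
    for key, values in parse_reg(text).items():
        if key == RUN_KEY:
            for name, data in values.items():
                if DROPPED_FILE in data.lower():
                    findings.append(("run-entry", key, f"{name} -> {data}"))
        elif key.endswith(SERVICE_SUFFIX):
            findings.append(("swartax-service", key, values.get("ImagePath", "")))
        elif key == WELCOME_KEY and values:  # post names no values: review only
            findings.append(("welcome-key", key, f"{len(values)} value(s)"))
    return findings

# Constructed sample export; the Run value names are made up for the demo.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tray"="C:\\Program Files\\Tray\\tray.exe"
"Updater"="C:\\WINDOWS\\SYSTEM32\\MSREXE.EXE"

[HKEY_LOCAL_MACHINE\Software\CurrentControlSet\Services\Swartax]
"ImagePath"="C:\\WINDOWS\\SYSTEM32\\MSREXE.EXE"
"""

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

Exports written by regedit in the 5.00 format are UTF-16, so decode the file before passing its text to `find_indicators`.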
     