Troj/Agent-BM is an HTTP proxy for the Windows platform. The Trojan runs as a proxy on port 8080 and sets the default HTTP proxy for the system to 127.0.0.1:8080.
The Trojan may also connect to a pornographic website and display images.
The Trojan creates the following registry entries in order to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Internet Acceleration Utility
<path to Trojan>
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Internet Acceleration Utility
<path to Trojan>
The following registry entries are also created:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyOverride
https://
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyServer
127.0.0.1:8080