Troj/Agent-BMF

Category:	Viruses and Spyware	Protection available since:	07 May 2006 00:00:00 (GMT)
Type:	Trojan	Last Updated:	07 May 2006 00:00:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Agent-BMF is a backdoor Trojan which allows a remote intruder to gain
access and control over the computer.

Troj/Agent-BMF includes functionality to access the internet and communicate
with a remote server via HTTP.

When Troj/Agent-BMF is installed the following files are created:

&ltTemp&gt\ddos.exe
&ltTemp&gt\load44(2).exe
&ltTemp&gt\loader.exe
&ltTemp&gt\ope4.bat
&ltSystem&gt\Not
&ltSystem&gt\html
&ltSystem&gt\public
&ltSystem&gt\requested
&ltSystem&gt\xffanl.exe

The file load44(2).exe is detected as Troj/Dowadv-C and the file loader.exe is
detected as Troj/SpyDldr-E.

The following registry entries are created to run xffanl.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
svcroot
&ltSystem&gt\xffanl.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
svcroot
&ltSystem&gt\xffanl.exe

The following registry entry is changed to run xffanl.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe xffanl.exe

(the default value for this registry entry is "Explorer.exe" which causes the
Microsoft file &ltWindows&gt\Explorer.exe to be run on startup).

Try Sophos products for free
Download now

Troj/Agent-BMF

Free Mac Anti-Virus

Popular topics