Troj/Bagle-AS is a backdoor Trojan.
When the Trojan executes it will start a backdoor and send connection information to a number of websites.
Troj/Bagle-AS is a backdoor Trojan.
When the Trojan executes it will start a backdoor on a random port in the range
2000 to 50000. The Trojan tries to send connection information to a number of
websites.
It copies itself to the Windows system folder as wintems.exe. The Trojan also
sets creates the following registry entry so that it is started on user logon:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
german.exe
<System>\wintems.exe
The following registry entries are also created
HKCU\Software\DateTime4\uid
HKCU\Software\DateTime4\port
HKCU\Software\DateTime4\wdrn