Troj/BagleDl-BP

Category: Viruses and Spyware
Type: Trojan
Protection available since: 30 Mar 2006 00:00:00 (GMT)
Last Updated: 30 Mar 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/BagleDl-BP is a Trojan for the Windows platform.

Troj/BagleDl-BP pretends to be a hacking tool, opening a dialog box with the title "Select file to crack". Whichever file is selected, the Trojan displays the message "Incorrect file version".

The Trojan attempts to download further malicious code.

When Troj/BagleDl-BP is installed, the following file is created:

<System>\ldr64.dll

This file is also detected as Troj/BagleDl-BP.

The following registry entries are created to run code exported by ldr64.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64
DllName
ldr64.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64
Impersonate
0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64
Startup
Startup
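
An added example, not part of the original description: a Python check that parses the text of a registry export and reports any Winlogon Notify package whose DllName is ldr64.dll. It goes slightly beyond the entries listed above by also flagging packages missing from a caller-supplied baseline. The sample export, the function names and the baseline parameter are assumptions made for illustration.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
IOC_DLL = "ldr64.dll"  # file name given in the description above
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample in .reg export format; not captured from a real host.
SAMPLE_REG = "Windows Registry Editor Version 5.00\n\n" + "\n".join([
    "[" + NOTIFY + r"\crypt32chain]",
    r'"DllName"="crypt32.dll"',
    "",
    "[" + NOTIFY + r"\ldr64]",
    r'"DllName"="ldr64.dll"',
    r'"Impersonate"=dword:00000000',
    r'"Startup"="Startup"',
])

def decode(raw):
    """Decode REG_SZ and REG_DWORD data; other types are returned as written."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg backslash escapes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw

def parse_notify(reg_text):
    """Return {package: {value_name: data}} for subkeys directly under Notify."""
    packages, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            parent, _, name = line[1:-1].rpartition("\\")
            same = parent.lower() == NOTIFY.lower()
            current = packages.setdefault(name, {}) if same else None
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = decode(m.group(2))
    return packages

def review(packages, ioc_dll=IOC_DLL, baseline=None):
    """Flag packages loading the IoC DLL and, given a baseline, unknown ones."""
    hits = []
    for name, values in sorted(packages.items()):
        # DllName may be a bare file name or a full path; compare the file name.
        dll = str(values.get("DllName", "")).rsplit("\\", 1)[-1].lower()
        if dll == ioc_dll.lower():
            hits.append((name, dll, "matches IoC"))
        elif baseline is not None and name.lower() not in baseline:
            hits.append((name, dll, "not in baseline"))
    return hits
```

To use it on a host, export the key with reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg, read the file as UTF-16, and pass the text through parse_notify and review.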
