Troj/Bckdr-PNO

Category: Viruses and Spyware
Protection available since: 05 Nov 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 05 Nov 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Bckdr-PNO is an Instant Messaging Trojan for the Windows platform.

When first run, Troj/Bckdr-PNO copies itself to:

<User>\Application Data\App\<random filename1>.exe
<System>\<random filename2>.exe
<System>\<random filename3>.exe
<Windows>\regedit.exe

The following registry entry is created to run Troj/Bckdr-PNO on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winValidate
<System>\<random filename2>.exe delnext <System>\<random filename3>.exe

The following registry entry is set, disabling the registry editor (regedit):

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Conf\

Troj/Bckdr-PNO may periodically send the following IM messages with links to non-malicious websites:

'<url>
So funny =)) '

'<url>
Hav never seen such funny pics =)) '

'<url>
write back to me if you feel the same'

'Wow =))
<url>'
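
The registry changes listed above can be checked offline against a text export of a suspect machine's registry. The following is an added triage example, not Sophos code; the sample export, the file names abcd.exe and efgh.exe, the Conf subkey name and the indicator labels are constructed for illustration, and the export is assumed to be already decoded to text.

```python
import re

# Constructed sample in `reg export` text form (not taken from a real host).
# abcd.exe / efgh.exe stand in for the Trojan's random file names.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winValidate"="C:\\WINDOWS\\system32\\abcd.exe delnext C:\\WINDOWS\\system32\\efgh.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Conf\Sample]
"x"="y"
'''

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
POLICY_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
CONF_KEY = r"hkey_local_machine\software\microsoft\conf"

def parse_export(text):
    """Return {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_indicators(text):
    """List which of the registry changes described on this page are present."""
    keys = parse_export(text)
    hits = []
    run = keys.get(RUN_KEY, {}).get("winvalidate")
    if run is not None:
        hits.append("run-winValidate")
        if " delnext " in run.lower():
            hits.append("run-delnext-argument")
    tools = keys.get(POLICY_KEY, {}).get("disableregistrytools", "")
    if re.fullmatch(r"dword:0*1", tools.lower()):
        hits.append("regedit-disabled")
    if any(k == CONF_KEY or k.startswith(CONF_KEY + "\\") for k in keys):
        hits.append("conf-key-present")
    return hits
```

Calling `find_indicators(SAMPLE_EXPORT)` returns all four labels; treat a single label on its own as a lead to verify rather than a verdict.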
