Troj/Bckdr-PS is a backdoor Trojan for the Windows platform.
Troj/Bckdr-PS sets the following registry entries in an attempt to run itself
on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WINDOWS = ymssgr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
WINDOWS = ymssgr.exe

Troj/Bckdr-PS also sets the following registry entries, disabling the automatic
startup of other software:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start = 4

Note: disabling autostart for the SharedAccess service deactivates the Microsoft
Internet Connection Firewall (ICF).
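
A read-only check for the registry entries listed above, as an added example that is not part of the original description. The function name Test-BckdrPsRegistry is hypothetical, and the substring match on ymssgr.exe is an assumption about how the data may appear (bare file name or full path).

```powershell
# Added example (not from the original description): read-only check for the
# registry entries this page lists. The function name is hypothetical.
function Test-BckdrPsRegistry {
    $findings = @()

    # Autostart entries: value "WINDOWS" whose data references ymssgr.exe.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
    )
    foreach ($key in $runKeys) {
        # RunServices may not exist on the host; skip missing keys.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $data = (Get-ItemProperty -LiteralPath $key -Name 'WINDOWS' `
                 -ErrorAction SilentlyContinue).WINDOWS
        if ($data -and $data -like '*ymssgr.exe*') {
            $findings += [pscustomobject]@{
                Key   = $key
                Value = 'WINDOWS'
                Data  = $data
                Note  = 'Autostart entry matching the Troj/Bckdr-PS description'
            }
        }
    }

    # Start = 4 means the SharedAccess service is disabled. An administrator
    # can set this too, so it is corroborating evidence only.
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess'
    $start = (Get-ItemProperty -LiteralPath $svcKey -Name 'Start' `
              -ErrorAction SilentlyContinue).Start
    if ($start -eq 4) {
        $findings += [pscustomobject]@{
            Key   = $svcKey
            Value = 'Start'
            Data  = $start
            Note  = 'SharedAccess disabled; review together with autostart findings'
        }
    }

    $findings
}

# Prints one record per matching entry; no output means nothing matched.
Test-BckdrPsRegistry | Format-List
```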