Troj/Bckdr-RCL

Category: Viruses and Spyware
Protection available since: 02 Jun 2010 12:07:15 (GMT)
Type: Trojan
Last Updated: 02 Jun 2010 12:07:15 (GMT)
Prevalence: Small Number of Reports


Troj/Bckdr-RCL is a Trojan for the Windows platform, likely to have been installed via a malicious PDF document.

When run, Troj/Bckdr-RCL copies itself to the Windows system folder as ccwap.exe.

<System>\ccwap.exe

The following Registry entries are added to run the Trojan at system startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe_RLX
C:\WINDOWS\system32\ccwap.exe 1 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe_RLX
C:\WINDOWS\system32\ccwap.exe 1 2
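
The startup entries listed above can be hunted for in saved `reg query` output from the two Run keys. The Python below is an added example, not part of the original analysis; the sample output is constructed, and the four-space column layout of `reg query` output is an assumption.

```python
import re

# Indicators from the description above.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
VALUE_NAME = "adobe_rlx"
IMAGE_NAME = "ccwap.exe"

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Adobe_RLX    REG_SZ    C:\WINDOWS\system32\ccwap.exe 1 2

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Windows\System32\CCWAP.EXE" 1 2
    Notes    REG_SZ    C:\Tools\notccwap.exe
"""

# Assumed layout of a value line: indent, name, type, data, separated by four spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def image_of(data):
    """Lower-cased file name of the executable in a Run command line."""
    data = data.strip()
    # Unquoted paths that contain spaces are not handled here.
    path = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()

def scan(text):
    """Return (key, value name, reasons) for Run entries matching the indicators."""
    hits, key = [], None
    for line in text.splitlines():
        if line.upper().startswith(("HKEY_", "HKLM\\", "HKCU\\")):
            key = line.strip()  # remember which key the following values belong to
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        reasons = []
        if m["name"].strip().lower() == VALUE_NAME:
            reasons.append("value name")
        if image_of(m["data"]) == IMAGE_NAME:
            reasons.append("image name")
        if reasons:
            hits.append((key, m["name"].strip(), tuple(reasons)))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Matching on the image name as well as the value name catches an entry that keeps ccwap.exe but uses a different value name, as the constructed `Updater` line shows.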

Troj/Bckdr-RCL enumerates folders within the Program Files folder looking for files relating to various security products.

Once running, Troj/Bckdr-RCL attempts to connect to a remote IP address on port 443.
