Troj/Bdoor-AML

Category: Viruses and Spyware Protection available since:12 Nov 2002 00:00:00 (GMT)
Type: Trojan Last Updated:12 Nov 2002 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Bdoor-AML is a backdoor Trojan which allows unauthorised remote access to the computer over a network.

The Trojan copies itself to the Windows system folder as MSREXE.EXE and adds an entry to the registry at

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

to run itself on system restart.

The Trojan creates the registry entry

HKLM\Software\CurrentControlSet\Services\Swartax\ImagePath =
"C:\<Windows system>\MSREXE.EXE".

and also creates several registry entries at

HKLM\Software\Microsoft\Windows\CurrentVersion\Welcome

Troj/Bdoor-AML attempts to use the affected computer as a proxy SMTP email server.

Troj/Bdoor-AML may be dropped by Troj/Dloader-BO.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy