Troj/Bdoor-CPK is a backdoor Trojan.
When run, Troj/Bdoor-CPK will drop a DLL with an extension of DAT. The DLL file is also detected as Troj/Bdoor-CPK.
In order to run automatically each time Internet Explorer is started, Troj/Bdoor-CPK sets the following registry entries:
HKCR\CLSID\{1C044AAD-7955-4cbd-8175-501A165C4E5D}\InprocServer32
(default)
<path to Trojan DLL>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C044AAD-7955-4cbd-8175-501A165C4E5D}
In order to run automatically each time the computer starts or shuts down, Troj/Bdoor-CPK will set the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<Trojan filename>
Asynchronous
1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<Trojan filename>
DllName
<path to Trojan DLL>
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<Trojan filename>
Logon
MachineLogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<Trojan filename>
Logoff
MachineLogoff