Troj/Bdoor-EB is a backdoor Trojan.
When first run, Troj/Bdoor-EB will copy itself to the Windows folder with a filename of either MSEXPLOREN.EXE, SHCH.EXE, SVCHST.EXE or WINAGENT.EXE. In order to run automatically each time a user logs on, Troj/Bdoor-EB will set one of the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SheduIer
<path to Trojan EXE> /i
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SvcH0st
<path to Trojan EXE> /i
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WinAmpAgent
<path to Trojan EXE> /i
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MsnExplorer
<path to Trojan EXE> /i
Troj/Bdoor-EB will also create the following registry branch to store configuration data:
HKLM\SOFTWARE\Catal