Troj/Bdoor-FJ is a backdoor Trojan for the Windows platform that allows unauthorised remote access to the infected computer.
When run the Trojan copies NukeProtect.exe to %WINDOWS%\TEMP\Sysmodule.exe. If the copy operation fails, Troj/Bdoor-FJ attempts to reboot the computer.
The Trojan creates the following registry entry so as to run itself automatically on user logon:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft's System Module
%WINDOWS%\TEMP\Sysmodule.exe
While running in the background as a process, Troj/Bdoor-FJ has the following capabilities when instructed by a remote attacker:
run a remote command
delete files
reboot the computer
download/upload files
steal file system and active window information