Troj/Bdoor-GP is a backdoor Trojan for the Windows platform that provides an
unauthorised remote access to the infected computer.
Once executed Troj/Bdoor-GP copies itself to the Windows system folder with
the filename userinit.exe , and creates following executables in the Windows
and Windows system folders respectively:
keyboard_enum.exe
sound_drive16.exe
and
iexpress32.exe
www.microsoft.com
In order to be able to run automatically when Windows starts up Troj/Bdoor-GP
sets the registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
keyboard_enum
"keyboard_enum.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell
"Explorer.exe sound_drive16.exe"
Also Troj/Bdoor-GP may create a number of the log and data files including
following:
%CLSID1%.%CLSID2%.crmlog where CLSID1, CLSID2 are CLSID identification numbers
and
ex050403.log