Troj/Bdoor-JV is a backdoor Trojan for the Windows platform.
Troj/Bdoor-JV includes functionality to:
- access the internet and communicate with a remote server via HTTP
- log keystrokes
- disable system processes
- perform screen captures
Troj/Bdoor-JV attempts to terminate the following system related processes:
regedit.exe
msconfig.exe
netstat.exe
When first run Troj/Bdoor-JV copies itself to:
\Explorer.exe
<Windows>\msnmsgr.exe
<System>\msnmsgr.exe
and creates the following files:
<Windows>\Protocol.dat
<Windows>\temp.reg
These files may be deleted.
The following registry entry is created to run msnmsgr.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon
<System>\msnmsgr.exe
Troj/Bdoor-JV may attempt to make changes to the following registry entry:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile
EnableFirewall