Troj/Dloader-BO

Category: Viruses and Spyware Protection available since:23 Jan 2003 00:00:00 (GMT)
Type: Trojan Last Updated:13 Feb 2003 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Dloader-BO downloads and executes a file from the website
masteraz.hypermart.net within 3 days of being run for the first time. At the time of writing Sophos has seen examples of two downloaded files, detected as Troj/Bdoor-Aml and Troj/Keylog-I but, of course, the file could be changed.

Troj/Dloader-BO has been seen in the files MASTERAZ.EXE, JIMKRE.EXE and messages.hta.

The Trojan adds the following entry to the registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
.inr\5Nzg1mOWKzFnuvu6 = "C:\<path to Trojan>".

This will run the Trojan on system restart.

The Trojan also creates the following entry within the registry:

HKLM\Software\CLASSES\.inr\5Nzg1mOWKzFnuvu6.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy