Troj/Dropper-BA is a dropper Trojan for the Windows platform.
Troj/Dropper-BA copies itself to the following files:
<Windows>\regsvc.exe
<System>\Agentsvr32.exe
When the Trojan is installed the following files are created:
<Temp>\Acid trip v2.0 Updated.exe - detected as Troj/Lolacid-A
<System>\hInstance.dll - this file may be deleted
Troj/Dropper-BA creates the following registry entries:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(E7CCDB6E-AE6D-11cf-96B8-444553540000)
StubPath
<System>\Agentsvr32.exe /hide
HKCU\Software\Yahoo\Pager\
Save Password
0