Troj/Telemot-B is a backdoor Trojan for the Windows platform.
When first run Troj/Telemot-B copies itself to <System>\chkdsk64.exe.
The file CHKDSK64.exe is registered as a new system driver service named "Logical Users Disk Manager Service", with a display name of "Disk management service for users requests" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Logical Users Disk Manager Service\
Troj/Telemot-B injects code into svchost.exe which listens for incoming TCP connections. An attacker connecting to the Trojan will be given a shell from which they can run commands that will:
list or kill processes
transfer files
view and modify registry settings
reboot the infected computer
show system information
take screenshots
download and install an updated version of the Trojan
If run with sufficient rights Troj/Telemot-B will install itself as an application authorised by Window Firewall to communicate with the outside world.