Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 25 February 2006 16:10:26 (GMT) |
| Detected by | All Sophos products |
Action
Please follow the instructions for removing Trojans.
More Information
Troj/Bandok-J is a downloader and backdoor Trojan for the Windows platform.
When first installed, Troj/Bandok-J attempts to download and install further malware components to enhance its functionality. These components are typically .dll files, with functionality such as logging keypresses, taking screenshots, controlling WebCams, and stealthing using rootkit techniques.
These components are detected by Sophos as Troj/Bandok, Troj/BanBot or Troj/Bckdr variants. Some Troj/Bandok variants may also install commercial password recovery tools, so that remote intruders can misuse them to steal passwords to mail accounts.
Troj/Bandok-J may inject code into other processes in an attempt to hide its activity. It may also attempt to terminate various security related processes.
When first run, Troj/Bandok-J copies itself to <System>\ali.exe.
The following registry entries are created to run ali.exe on startup (key, value name, and data):
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Bandook = <System>\ali.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  *Bandook = <System>\ali.exe
- HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(B6A807N6-42DF-4W02-93E5-B156B3FA8AL1)
  StubPath = <System>\ali.exe
Troj/Bandok-J may also change the following registry key, if it exists, in an attempt to add itself to the Windows Firewall exception list and so bypass some firewalls:
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
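The persistence entries listed above can be triaged offline from an exported .reg file. The following is an added example (not part of the Sophos write-up): the parser `parse_reg`, the check `find_bandok_indicators`, and the sample export `SAMPLE_REG` are all constructed here, and the `C:\WINDOWS\system32` path is an assumed expansion of `<System>`.

```python
import re
from typing import List, Tuple

# Constructed .reg export (sample data, not from the original write-up): the
# Troj/Bandok-J autorun, Active Setup and firewall entries next to one benign entry.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
"Bandook"="C:\\WINDOWS\\system32\\ali.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Bandook"="C:\\WINDOWS\\system32\\ali.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\(B6A807N6-42DF-4W02-93E5-B156B3FA8AL1)]
"StubPath"="C:\\WINDOWS\\system32\\ali.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4321:TCP"="4321:TCP:*:Enabled:ali.exe"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text: str) -> List[Tuple[str, str, str]]:
    """Flatten a .reg export into (key, value_name, data) triples."""
    triples, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            # .reg doubles backslashes inside string data; undo that and drop the quotes.
            data = m.group(2).strip('"').replace("\\\\", "\\")
            triples.append((key, m.group(1), data))
    return triples


def find_bandok_indicators(triples: List[Tuple[str, str, str]]) -> List[str]:
    """Report entries matching the Troj/Bandok-J persistence described above."""
    hits = []
    for key, name, data in triples:
        k, d = key.lower(), data.lower()
        refs_ali = d.endswith("\\ali.exe") or d.endswith(":ali.exe")
        if "\\currentversion\\run" in k and (name.lstrip("*").lower() == "bandook" or refs_ali):
            hits.append(f"autorun: {key}\\{name} -> {data}")      # Run and RunOnce
        elif "\\active setup\\installed components\\" in k and name.lower() == "stubpath" and refs_ali:
            hits.append(f"active setup: {key}\\{name} -> {data}")
        elif "\\globallyopenports\\list" in k and refs_ali:
            hits.append(f"firewall exception: {key}\\{name} -> {data}")
    return hits


if __name__ == "__main__":
    for hit in find_bandok_indicators(parse_reg(SAMPLE_REG)):
        print(hit)
```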