Summary

| Detected by | All Sophos products |
|---|---|
Action

Please follow the instructions for removing Trojans.
Windows NT/2000/XP
In Windows NT/2000/XP you will also need to edit the following registry key. The removal of this key is optional in Windows 95/98/Me.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and delete any reference to the file MSREXE.EXE.
Then locate the key:
HKLM\Software\CurrentControlSet\Services\Swartax\ImagePath =
"C:\<Windows system>\MSREXE.EXE"
and delete it.
You should also delete the keys at:
HKLM\Software\Microsoft\Windows\CurrentVersion\Welcome
Close the registry editor and reboot your computer.
More Information
Troj/Bdoor-AML is a backdoor Trojan which allows unauthorised remote access to the computer over a network.
The Trojan copies itself to the Windows system folder as MSREXE.EXE and adds an entry to the registry at
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
to run itself on system restart.
The Trojan creates the registry entry
HKLM\Software\CurrentControlSet\Services\Swartax\ImagePath =
"C:\<Windows system>\MSREXE.EXE"
and also creates several registry entries at
HKLM\Software\Microsoft\Windows\CurrentVersion\Welcome
Troj/Bdoor-AML attempts to use the affected computer as a proxy SMTP email server.
Troj/Bdoor-AML may be dropped by Troj/Dloader-BO.
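The registry entries listed above can be checked against a registry export, such as the Backup file made in the removal steps. The following Python is an added example, not Sophos code; the function names and the sample export are constructed for illustration, and the service key is matched by its `\CurrentControlSet\Services\Swartax` suffix as an assumption.

```python
import re

# Indicators from the description above; key paths are compared case-insensitively.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
WELCOME_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\welcome"
SERVICE_SUFFIX = r"\currentcontrolset\services\swartax"  # assumption: suffix match, any prefix
DROPPED_FILE = "msrexe.exe"
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data); a key header is yielded with value_name None."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1) or "(Default)", m.group(2)

def find_indicators(text):
    """Return (indicator, key, value_name) tuples for the entries named in the description."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            # ImagePath may be exported hex-encoded, so flag the service key itself.
            if k.endswith(SERVICE_SUFFIX):
                findings.append(("service-key", key, None))
            elif k == WELCOME_KEY or k.startswith(WELCOME_KEY + "\\"):
                findings.append(("welcome-key", key, None))
        elif k == RUN_KEY and DROPPED_FILE in data.lower():
            findings.append(("run-entry", key, name))
    return findings

# Constructed sample export; value names and the C:\WINNT path are made up.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Example"="C:\\WINNT\\System32\\MSREXE.EXE"

[HKEY_LOCAL_MACHINE\Software\CurrentControlSet\Services\Swartax]
"ImagePath"="C:\\WINNT\\System32\\MSREXE.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Welcome]
'''

print(find_indicators(SAMPLE))
```

Exports headed `Windows Registry Editor Version 5.00` are UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `find_indicators`.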

