Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 22 December 2004 16:52:53 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Bdoor-CLS is a Trojan for the Windows platform.
When executed, the Trojan copies itself to the user's temporary folder and to C:\System Volume Information as upnpclient.exe. The Trojan also creates the file %windoss%\Acrobat.dll.
Troj/Bdoor-CLS installs itself as a Browser Helper Object by setting the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main\
Enable Browser Extensions = "yes"
Use FormSuggest = "yes"
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\
Append Completion = "yes"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\
Enable Browser Extensions = "yes"
Use FormSuggest = "yes"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\
Append Completion = "yes"
HKCR\Acrobat.Assistant\
@ = "Acrobat.Assistant"
HKCR\Acrobat.Assistant\Clsid\
@ = "(A452DA63-4286-48EB-A838-3BA85C3049F5)"
The Trojan also creates many registry entries under the following:
HKCR\CLSID\(A452DA63-4286-48EB-A838-3BA85C3049F5)\
HKCR\Interface\(15F5F752-C010-4CF1-84BF-8219CAE0D283)\
HKCR\Interface\(9CACA727-F10C-43A1-83AA-BE3BDC6A7A19)\
HKCR\TypeLib\(F290D400-AA50-40C7-8F4E-F788A5417F57)\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(A452DA63-4286-48EB-A838-3BA85C3049F5)\
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPNPCLIENT\
HKLM\SYSTEM\CurrentControlSet\Services\UPNPClient\
Troj/Bdoor-CLS attempts to connect to a webserver.
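A triage check for the registry keys listed above, as an added example that is not Sophos's code: it scans the text of a `reg export` dump for those keys, treating HKLM\SOFTWARE\Classes and HKCU\Software\Classes as HKCR and ControlSet00N as CurrentControlSet. It assumes the GUIDs appear in the registry in braces rather than the parentheses printed above; the function names and the sample export are constructed for illustration.

```python
import re

# Keys the page lists for Troj/Bdoor-CLS. The page prints GUIDs in parentheses;
# this example assumes the usual brace form that registry key names use.
CLSID = "{A452DA63-4286-48EB-A838-3BA85C3049F5}"
INDICATOR_KEYS = [
    r"HKCR\Acrobat.Assistant",
    "HKCR\\CLSID\\" + CLSID,
    r"HKCR\Interface\{15F5F752-C010-4CF1-84BF-8219CAE0D283}",
    r"HKCR\Interface\{9CACA727-F10C-43A1-83AA-BE3BDC6A7A19}",
    r"HKCR\TypeLib\{F290D400-AA50-40C7-8F4E-F788A5417F57}",
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer"
    "\\Browser Helper Objects\\" + CLSID,
    r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPNPCLIENT",
    r"HKLM\SYSTEM\CurrentControlSet\Services\UPNPClient",
]
HIVES = {"HKEY_CLASSES_ROOT": "HKCR", "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

def normalize(key):
    """Lower-case key with short hive name, HKCR view and CurrentControlSet."""
    hive, _, rest = key.strip().strip("\\").partition("\\")
    k = (HIVES.get(hive.upper(), hive) + "\\" + rest).rstrip("\\").lower()
    k = re.sub(r"^hk(lm|cu)\\software\\classes(?=\\|$)", "hkcr", k)
    return re.sub(r"^hklm\\system\\controlset\d{3}(?=\\|$)",
                  lambda m: "hklm\\system\\currentcontrolset", k)

def find_indicators(reg_text):
    """Return the listed keys present in the export, as a key or as a parent."""
    present = {normalize(k) for k in re.findall(r"^\[(.+)\]\s*$", reg_text, re.M)}
    hits = []
    for indicator in INDICATOR_KEYS:
        n = normalize(indicator)
        if any(k == n or k.startswith(n + "\\") for k in present):
            hits.append(indicator)
    return hits

# Constructed sample export, not taken from an infected machine.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A452DA63-4286-48EB-A838-3BA85C3049F5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Acrobat.Assistant\Clsid]
@="{A452DA63-4286-48EB-A838-3BA85C3049F5}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPNPClient]
"""

if __name__ == "__main__":
    for key in find_indicators(SAMPLE):
        print("indicator key present:", key)
```

The check matches key names only, so the Internet Explorer and AutoComplete option values the page lists are not evaluated; the Browser Helper Objects parent key on its own does not count as a hit.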

