Troj/Bdoor-JU

Aliases	Backdoor.Win32.Delf.ahn BKDR_DELF.LH
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	1 November 2005 04:25:24 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

Troj/Bdoor-JU is a backdoor Trojan for the Windows platform.

When first run Troj/Bdoor-JU copies itself to <System>\msiecfg.exe.

The following registry entry is created to run msiecfg.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
IEXPLORER
<System>\msiecfg.exe

The following registry entry is set:

HKCU\Software\EZ
0
<System>\msiecfg.exe

Once installed Troj/Bdoor-JU installs a listening port to await commands from a remote intruder.

Troj/Bdoor-JU includes functionality to access the internet and communicate with a remote server via HTTP

Get reports about the latest virus and spyware threats delivered to your computer