Sophos

Troj/Brat

Summary

 
Detected by All Sophos products

Action

Please follow the instructions for removing Trojans.


Registry entries

You will also need to edit the following registry entries.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

and delete any references to any files you deleted.

Locate the HKEY_USERS entry:

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

and delete any reference to any file you deleted.

Close the registry editor.

Editing win.ini and system.ini

At the taskbar, click Start|Run and type Sysedit. Bring Win.ini to the front. In the [windows] section, search for a line beginning with 'Run=' and delete any references to the files you removed. Delete only that reference, not any other text.

Bring System.ini to the front. In the 'shell=' line in the [Boot] section, search for any references to the files you deleted. Delete only that reference, not any other text.

Reboot your computer.

More Information

Troj/Brat is a backdoor Trojan. Troj/Brat runs in the background as a server process and allows malicious remote users access to and control over your computer.

Troj/Brat copies itself into the Windows folder using a random filename. The Trojan adds an entry to the registry or to one of the Windows startup (.INI) files so that it runs automatically every time you start your computer.

Troj/Brat may add registry values to the following keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

The Trojan may add a run= line to the [Windows] section of the WIN.INI file.

The Trojan may also add its folder and filename to the shell= line in the [Boot] section of the SYSTEM.INI file. (This line usually reads shell=explorer.exe on Windows 95/98/Me computers.)
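
The WIN.INI and SYSTEM.INI startup lines described above can be reviewed offline with a short read-only script. This is an added example, not Sophos code; the function names, the sample file contents and the filename QXWZRT.EXE are constructed for illustration.

```python
import re

DEFAULT_SHELL = "explorer.exe"  # usual shell= value on Windows 95/98/Me, per the text above

def ini_values(text, section, key):
    """Return every value of `key` inside [section]; names match case-insensitively."""
    values, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep and current == section.lower() and name.strip().lower() == key.lower():
            values.append(value.strip())
    return values

def startup_findings(win_ini, system_ini):
    """List (file, key, program) startup entries that need review."""
    findings = []
    for value in ini_values(win_ini, "windows", "run"):
        # Assumption: entries are separated by spaces or commas (no spaces in paths).
        for prog in re.split(r"[ ,]+", value):
            if prog:
                findings.append(("WIN.INI", "run", prog))
    for value in ini_values(system_ini, "boot", "shell"):
        for prog in value.split():
            if prog.lower() != DEFAULT_SHELL:  # report only what was added to the line
                findings.append(("SYSTEM.INI", "shell", prog))
    return findings

# Constructed sample files; the Trojan's filename is random, so QXWZRT.EXE is a placeholder.
SAMPLE_WIN_INI = """[windows]
Run=C:\\WINDOWS\\QXWZRT.EXE
NullPort=None
"""
SAMPLE_SYSTEM_INI = """[boot]
shell=Explorer.exe C:\\WINDOWS\\QXWZRT.EXE
[386Enh]
run=not-a-startup-line
"""

if __name__ == "__main__":
    for finding in startup_findings(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI):
        print(*finding)
```

Only the reported program is the reference to delete; the rest of the line, such as explorer.exe on the shell= line, stays in place.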
