Sophos

Troj/Small-BNO

Category
Type
What to do
Prevalence low high

Summary

 
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 26 April 2006 20:13:36 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

Troj/Small-BNO is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/Small-BNO includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/Small-BNO is installed it creates the file <User>\Documents\Settings\polymorph.dll.

The following registry entries are created to run code exported by polymorph.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg
DllName
<User>\Documents\Settings\polymorph.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg
Startup
polymorphreg

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg
Impersonate
1

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer