high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | February 2005 (3.90) |
| Protection available since | 9 January 2005 15:24:07 (GMT) |
| Last updated | 11 February 2005 22:37:46 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Windows Update Manager
"WINLOG0N.EXE"
and delete it if it exists.
Close the registry editor.
More Information
Troj/Agent-BO is a backdoor Trojan for the Windows platform that also may download files from a predefined location without the user's consent.
When first executed, Troj/Agent-BO copies itself to the Windows system folder with the filename winlog0n.exe and to the Windows system drivers folder with the filename audiox.
In order to be able to run automatically when Windows starts up the Trojan sets the registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Windows Update Manager
"WINLOG0N.EXE"
|
