high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | February 2005 (3.90) |
| Protection available since | 15 December 2004 08:47:24 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Services
"<Windows system folder>\bsc32.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Services
"<Windows system folder>\bsc32.exe"
and delete them if they exist.
Close the registry editor.
More Information
Troj/Bdoor-AW is a backdoor Trojan for the Windows platform.
When first run, Troj/Bdoor-AW copies itself to the Windows system folder as bsc32.exe and creates the following registry entries in order to run each time a user logs on:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Services
"<Windows system folder>\bsc32.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Services
"<Windows system folder>\bsc32.exe"
Troj/Bdoor-AW chooses a random port and then sends registration information to a remote site via an HTTP GET request. The information transferred includes the randomly chosen port number and the system IP.
|
