Troj/Bdoor-CPE

Aliases	BackDoor-CPE.cfg
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Included in our products from	June 2005 (3.94)
Protection available since	7 April 2005 20:58:24 (GMT)
Detected by	All Sophos products

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Bdoor-CPE is a backdoor Trojan for the Windows platform.

Troj/Bdoor-CPE will copy itself to the Windows system folder as xflash.exe.

Troj/Bdoor-CPE will set itself up as a service process and listen for commands from a remote user. The following is an example of the commands the Trojan can execute on the infected system:

Act as a proxy
Capture and upload screen images
Close open windows
Create/Open/Delete/Move specific files
Create/Remove folders
Create/Remove registry entries
Download files to the system
Move the mouse cursor on the screen
Report and Terminate running processes
Report applications running
Report information about system
Run commands
Run programs
Search for specific files
Terminate itself
Upload files from the system

Troj/Bdoor-CPE may register itself as a service process with the following attributes:

servicename = xflash
displayname = "RAT X Control"
imagepath = <Windows system folder>\xflash.exe

Troj/Bdoor-CPE will attempt to communicate on ports 46443 and 46187.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Bdoor-CPE

Summary

Action

More Information