Sophos

Troj/Bdoor-EB

Aliases
  • BKDR_AGENT.AD
  • Backdoor.Win32.Webdor.p
  • BackDoor-CGZ

Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: April 2005 (3.92)
Protection available since: 15 February 2005 20:56:25 (GMT)
Detected by: All Sophos products

More Information

Troj/Bdoor-EB is a backdoor Trojan.

When first run, Troj/Bdoor-EB copies itself to the Windows folder under one of the following filenames: MSEXPLOREN.EXE, SHCH.EXE, SVCHST.EXE or WINAGENT.EXE. To run automatically each time a user logs on, it sets one of the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SheduIer
<path to Trojan EXE> /i

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SvcH0st
<path to Trojan EXE> /i

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WinAmpAgent
<path to Trojan EXE> /i

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MsnExplorer
<path to Trojan EXE> /i

Troj/Bdoor-EB will also create the following registry branch to store configuration data:

HKLM\SOFTWARE\Catal
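
A host triage check for the indicators listed above, as an added example (not Sophos code). The WOW6432Node paths (the 32-bit registry view on 64-bit Windows) and the high/medium/low grading are assumptions of this example; a Run value name on its own is graded low because several of the names resemble ordinary software entries.

```powershell
# Indicators copied verbatim from the description above.
$ValueNames = 'SheduIer', 'SvcH0st', 'WinAmpAgent', 'MsnExplorer'
$FileNames  = 'MSEXPLOREN.EXE', 'SHCH.EXE', 'SVCHST.EXE', 'WINAGENT.EXE'
# Assumption: the second path in each list covers the 32-bit view on 64-bit Windows.
$RunKeys    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$ConfigKeys = 'HKLM:\SOFTWARE\Catal', 'HKLM:\SOFTWARE\WOW6432Node\Catal'

# Grade one Run entry: the value name and the "<exe> /i" data are checked separately,
# so a name-only match is reported with low confidence.
function Test-RunEntry([string]$Name, [string]$Data) {
    $nameHit = $ValueNames -contains $Name
    $dataHit = $Data -match '([^\\"/]+\.exe)"?\s+/i\s*$' -and $FileNames -contains $Matches[1]
    if ($nameHit -and $dataHit) { 'high' }
    elseif ($dataHit)           { 'medium' }
    elseif ($nameHit)           { 'low' }
}

$findings = @(
    foreach ($path in $RunKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            $conf = Test-RunEntry $name $data
            if ($conf) {
                [pscustomobject]@{ Confidence = $conf; Type = 'Run value'
                                   Where = "$path\$name"; Detail = $data }
            }
        }
    }
    foreach ($file in $FileNames) {
        $full = Join-Path $env:windir $file
        if (Test-Path -LiteralPath $full) {
            [pscustomobject]@{ Confidence = 'medium'; Type = 'File'
                               Where = $full; Detail = 'file name in Windows folder' }
        }
    }
    foreach ($path in $ConfigKeys) {
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Confidence = 'medium'; Type = 'Config key'
                               Where = $path; Detail = 'registry branch present' }
        }
    }
)

if ($findings) { $findings | Sort-Object Confidence | Format-Table -AutoSize -Wrap }
else           { 'No Troj/Bdoor-EB indicators from this page were found.' }
```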
