Sophos

Troj/Bdoor-JV

Aliases
  • Backdoor.Win32.VB.akv
  • BKDR_VB.MI

Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: December 2005 (4.00)
Protection available since: 2 November 2005 04:30:34 (GMT)
Detected by: All Sophos products

More Information

Troj/Bdoor-JV is a backdoor Trojan for the Windows platform.

Troj/Bdoor-JV includes functionality to:

- access the internet and communicate with a remote server via HTTP
- log keystrokes
- disable system processes
- perform screen captures

Troj/Bdoor-JV attempts to terminate the following system-related processes:

regedit.exe
msconfig.exe
netstat.exe

When first run, Troj/Bdoor-JV copies itself to:

\Explorer.exe
<Windows>\msnmsgr.exe
<System>\msnmsgr.exe

and creates the following files:

<Windows>\Protocol.dat
<Windows>\temp.reg

These files may be deleted.

The following registry entry is created to run msnmsgr.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon
<System>\msnmsgr.exe

Troj/Bdoor-JV may attempt to make changes to the following registry entry:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall
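
The artefacts listed above can be checked on a host with a short PowerShell script. This is an added example, not Sophos code. It assumes <Windows> maps to $env:windir and <System> to its System32 folder, also looks in the 32-bit redirected locations (SysWOW64, Wow6432Node) on 64-bit systems, and treats EnableFirewall = 0 as the change worth reviewing. The truncated \Explorer.exe path is not checked.

```powershell
# Added example: look for the Troj/Bdoor-JV artefacts described on this page.
# Assumptions: <Windows> = $env:windir, <System> = $env:windir\System32.
# Run from an elevated prompt so HKLM and the Windows folder are fully readable.
$findings = @()

# 1. Run entry named "ctfmon" whose data points at msnmsgr.exe.
#    The Wow6432Node key covers a 32-bit sample running on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $run = Get-ItemProperty -Path $key -Name 'ctfmon' -ErrorAction SilentlyContinue
    if ($run -and $run.ctfmon -match 'msnmsgr\.exe') {
        $findings += "Run value 'ctfmon' in $key -> $($run.ctfmon)"
    }
}

# 2. Dropped copies and working files (-Force so hidden files are returned too).
$paths = @(
    (Join-Path $env:windir 'msnmsgr.exe'),
    (Join-Path $env:windir 'System32\msnmsgr.exe'),
    (Join-Path $env:windir 'SysWOW64\msnmsgr.exe'),
    (Join-Path $env:windir 'Protocol.dat'),
    (Join-Path $env:windir 'temp.reg')
)
foreach ($p in $paths) {
    $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($f) {
        $findings += "File present: $p ($($f.Length) bytes, modified $($f.LastWriteTimeUtc.ToString('u')))"
    }
}

# 3. Firewall policy value the page says may be changed (0 = firewall off).
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$fw = Get-ItemProperty -Path $fwKey -Name 'EnableFirewall' -ErrorAction SilentlyContinue
if ($fw -and $fw.EnableFirewall -eq 0) {
    $findings += 'EnableFirewall = 0 under StandardProfile'
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'No Troj/Bdoor-JV artefacts from this page were found.'
}
```

A disabled firewall on its own has many benign causes; the Run value and the msnmsgr.exe copies in the Windows or system folder are the stronger signals.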
