Troj/BDSinit-C

Please follow the instructions for removing Trojans.

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
SVC Service= C:\windows\system32\svcpack.exe

and delete it if it exists.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
= C:\windows\system32\userinit.exe, C:\windows\system32\svcpack.exe

and remove the path "C:\windows\system32\svcpack.exe". Do not remove the reference to userinit.exe

Close the registry editor.

Troj/BDSinit-C is a backdoor Trojan which allows unauthorised access and control of the computer from a remote network location.

In order to run automatically when Windows starts up the Trojan copies itself to the file svcpack.exe in the Windows system32 folder and sets the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\SVC Service
= C:\windows\system32\svcpack.exe

HKLM\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
= C:\windows\system32\userinit.exe, C:\windows\system32\svcpack.exe

Troj/BDSinit-C also adds the following registry entry:

HKLM\Software\Microsoft\DirectPlugin\EngineName
= "<Windows System>\DirectPlugin.installed"