Sophos

Troj/OptixP-C

Aliases
  • BackDoor-CMI

Summary

 
Affected operating systems: Windows
Included in our products from: July 2006 (4.07)
Protection available since: 7 September 2005 12:57:48 (GMT)
Last updated: 29 May 2006 22:40:20 (GMT)
Detected by: All Sophos products

More Information

Troj/OptixP-C is a backdoor Trojan for the Windows platform which allows a remote intruder to gain access to and control over the computer.

When first run, Troj/OptixP-C copies itself to:

<System>\expl0rer.exe
<System>\sp00lsv.exe

and creates the file <System>\<current date>.txt which is non-malicious and can be safely deleted.

The following registry entry is created to run expl0rer.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EXPLORER
EXPL0RER.EXE

The Trojan also drops bebeapuro.exe into the Windows system folder and runs it. This file is non-malicious and can be safely deleted.

While active, the Trojan may send emails to indicate an infection, and it listens on various ports for intruder connections.
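
A read-only host check for the file and registry artifacts listed above, as an added example that is not part of the Sophos description. It assumes <System> is the Windows system directory; the function name Get-OptixPCIndicators is hypothetical, and the <current date>.txt file is not checked because the description does not give its exact name format.

```powershell
# Added example: looks for the Troj/OptixP-C artifacts named in the description.
# Read-only: it reports what it finds and changes nothing on the host.
function Get-OptixPCIndicators {
    param(
        # Assumption: <System> is the Windows system directory.
        [string]$SystemDir = [Environment]::SystemDirectory
    )

    $findings = @()

    # Files the description says are written to <System>.
    foreach ($name in 'expl0rer.exe', 'sp00lsv.exe', 'bebeapuro.exe') {
        $path = Join-Path $SystemDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path -Force
            $findings += [pscustomobject]@{
                Type   = 'File'
                Item   = $path
                Detail = "created $($file.CreationTimeUtc.ToString('u'))"
            }
        }
    }

    # Startup entry from the description: value EXPLORER with data EXPL0RER.EXE.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $meta   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $run    = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }   # skip provider metadata
            # -match is case-insensitive, so EXPL0RER.EXE and expl0rer.exe both hit.
            if ("$($p.Value)" -match 'expl0rer\.exe|sp00lsv\.exe') {
                $findings += [pscustomobject]@{
                    Type   = 'RunValue'
                    Item   = "$runKey\$($p.Name)"
                    Detail = "$($p.Value)"
                }
            }
        }
    }

    return $findings
}

Get-OptixPCIndicators | Format-Table -AutoSize
```

An empty result means none of the listed artifacts were found in the locations checked; pass -SystemDir to point the file check at a different directory, such as a mounted disk image.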
