Home Education E-BooksTravel Troubleshooting Linux Contact Us About Us
Troubleshooting Tips And Steps
Windows & Hardware Tips
Information On Viruses
Miscellaneous

virus file

VIRUS NAME: BackDoor-ABH

VIRUS NAME: BackDoor-ABH

Trojan Characteristics

This Remote Access Trojan masquerades as a downloader for an email client application. When executed on the victim machine, the Trojan attempts to connect to an FTP server. The Trojan contains the string:

'Would you like to download Bmail.. Bmail is a talking Email software that works with POP and other email accounts. Its works with Yahoo also. More will be added soon..'

In addition to opening this FTP connection, the worm opens an additional port on the victim machine, enabling remote access to the machine. The Trojan sets the following Registry key in an attempt to run itself at system startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\_
Run "SetFTPBack" = C:\WINDOWS\SYSTEM\createsw.exe

However, in testing the Trojan did not successfully copy itself to CREATESW.EXE in the System directory.

Symptoms

Existence of the Registry hook detailed above
Port 5135 open on victim machine

Method Of Infection

The Trojan is designed to install itself on the victim machine upon execution.

If you are fed up with any virus and not getting solution of it. mail us on amgroup@skillsheaven.com and please provide all the detail about virus.