
Troj/Bckdr-ATR

Feb 16, 2004 12:48AM PST

Aliases
BackDoor-ATR.svr

Type
Trojan

Description
Troj/Bckdr-ATR is a password-stealing backdoor Trojan for the Windows platform. The Trojan allows a malicious user remote access to an infected computer.
In order to run automatically when Windows starts up, Troj/Bckdr-ATR copies itself to the file grob.exe in the Windows folder and creates the following registry entries pointing to this file:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\grob
HKU\Software\Microsoft\Windows\CurrentVersion\Run\grob
HKLM\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQdat\Path

The Trojan also adds run entries to the win.ini and system.ini files.

Troj/Bckdr-ATR registers a successful infection by accessing a remote web site. The Trojan also attempts to steal passwords and send them to the attacker.


Read more: http://www.sophos.com/virusinfo/analyses/trojbckdratr.html
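
Added example, not part of the original post or of the Sophos analysis: a small Python triage script that checks collected copies of win.ini, system.ini and a `reg export` file for the persistence entries described above. The function names, the INI key names (the post does not say which keys the Trojan writes, so the usual legacy autostart keys are assumed) and all sample data are constructed for illustration.

```python
import re

IOC = "grob.exe"  # file name from the post
# Assumption: the usual legacy autostart INI keys; the post does not name them.
INI_KEYS = {("windows", "run"), ("windows", "load"), ("boot", "shell")}
# Registry keys from the post, as they appear in a `reg export` file.
REG_SUFFIXES = (r"\currentversion\run", r"\mirabilis\icq\agent\apps\icqdat")

def scan_ini(text, source):
    """Flag autostart INI values that reference grob.exe."""
    findings, section = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and (section, key) in INI_KEYS and IOC in value.lower():
            findings.append((source, section, key, value.strip()))
    return findings

def scan_reg_export(text):
    """Flag string values under the listed keys that reference grob.exe."""
    findings, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.fullmatch(r'"(.*?)"="(.*)"', line)
        if m and key.lower().endswith(REG_SUFFIXES) and IOC in m.group(2).lower():
            findings.append((key, m.group(1), m.group(2).replace("\\\\", "\\")))
    return findings

# Constructed sample artifacts (not taken from a real infection).
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\grob.exe\n[fonts]\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe grob.exe\n[386Enh]\n"
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"grob"="C:\\WINDOWS\\grob.exe"
"SoundMan"="C:\\WINDOWS\\soundman.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQdat]
"Path"="C:\\WINDOWS\\grob.exe"
'''

if __name__ == "__main__":
    hits = scan_ini(SAMPLE_WIN_INI, "win.ini") + scan_ini(SAMPLE_SYSTEM_INI, "system.ini")
    for hit in hits + scan_reg_export(SAMPLE_REG):
        print(hit)
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `scan_reg_export`.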
