
Troj/Lohav-E

Mar 15, 2004 4:04AM PST

Aliases
I-Worm.Bagle.gen, W32/Bagle.gen@MM, Trojan.Mitglieder.E

Type
Trojan

Description
Troj/Lohav-E is a backdoor Trojan that can also be used as a proxy server and as an email server.
When run, Troj/Lohav-E copies itself into the Windows system folder as syswrun4x.exe, drops and injects the DLL <System>\windllzup.exe into Explorer.

Troj/Lohav-E drops its main backdoor component into the DLL file bgxtdll.exe. Windllzup.exe will load the main backdoor DLL component into Explorer.


More: http://www.sophos.com/virusinfo/analyses/trojlohave.html
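
A triage check for the three file names listed above, added here as an example; it is not code from the post or from Sophos. It matches on file name only, and the function names, the temporary directory standing in for the system folder, and the sample module list are all constructed assumptions.

```python
import os
import tempfile

# File names as given in the post, which places them in the Windows system folder.
LOHAV_E_FILES = {
    "syswrun4x.exe": "copy of the Trojan",
    "windllzup.exe": "DLL injected into Explorer (loader)",
    "bgxtdll.exe": "main backdoor DLL component",
}


def scan_system_folder(system_dir):
    """Return {lower-cased file name: role} for listed names found in system_dir."""
    hits = {}
    for entry in os.listdir(system_dir):
        role = LOHAV_E_FILES.get(entry.lower())  # Windows file names ignore case
        if role and os.path.isfile(os.path.join(system_dir, entry)):
            hits[entry.lower()] = role
    return hits


def flag_explorer_modules(module_paths):
    """Split Explorer's loaded modules into (listed names, other .exe modules)."""
    known, odd = [], []
    for path in module_paths:
        name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name in LOHAV_E_FILES:
            known.append(path)
        elif name.endswith(".exe") and name != "explorer.exe":
            odd.append(path)  # heuristic (assumption): worth a look, not proof
    return known, odd


def demo():
    """Run both checks on constructed sample data."""
    with tempfile.TemporaryDirectory() as fake_system:  # stands in for <System>
        for name in ("SYSWRUN4X.EXE", "bgxtdll.exe", "kernel32.dll"):
            open(os.path.join(fake_system, name), "wb").close()
        files = scan_system_folder(fake_system)
    modules = [  # constructed module list for explorer.exe
        r"C:\WINDOWS\Explorer.EXE",
        r"C:\WINDOWS\system32\SHELL32.dll",
        r"C:\WINDOWS\system32\Windllzup.exe",
    ]
    return files, flag_explorer_modules(modules)


if __name__ == "__main__":
    print(demo())
```

On a real host, pass the actual system folder path and a module list for explorer.exe exported with whatever process tool is in use.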
