
BFT Trojan


Original Message
Name: JC
Date: February 11, 2003 at 11:40:06 Pacific
Subject: BFT Trojan
OS: WIN2K
CPU/Ram: P II /512 MB
Comment:

Hello,
Do excuse the 2nd post, as I failed to immediately realize there was a specific section dedicated to virus and security.

First, I found a thread that spoke of this unusual registry key entry, but in the responses, there was no explanation of what it could be.

I understand the WOW registry is part of WIN2K security, but it's the startup program file that has me confused.

The key entry is as follows:
Under WOW SetupPrograms, I have:

SetupProgramNames Reg_multi_sz install inst imposta ayarla felrak eviewset

Is this a valid entry or part of some Trojan file call?

Lastly,

On my home computer I found a polymorphic Trojan loaded on my WIN2K unit that Pest Patrol at first labeled as the 'Orange and Green' and then described as a back door 'TDE.exe' and displayed an executable of BFT.exe. According to their library it could be used to capture screen shots, keyboard entry logging, password stealing etc. I deleted it, but I noted on one of the threads that some Trojans are capable of infecting the partition.

Does this mean that it can recreate itself after a reinstall of the OS? I basically rebuilt the unit and reformatted the drive using NTFS. Does anyone know what the originating program of this Trojan could be? Before I deleted it, I noted that it had created a folder under my 'Admin Document Setting' section titled 'BFT' and had managed to stealthily create an admin account for itself. This is why I took the drastic measure of reformatting the HDD and reloading WIN2K.

I then locked down the computer's security very tightly, installed ZA and Pest Patrol with security passwords on those applications. Any thoughts on this Trojan, or how it may have been downloaded, since I do have a Netopia Firewall installed? Is this some clever hacker tool or one of those spyware applications being sold on the market? I’m really confused, because the last person logged onto the PC showed it as being the Admin (which is me), but I hadn’t logged onto the unit in over 3 weeks and my kid was on it under her own ID which has privileges under the restrictive user group.

The way I setup the Winlog, the last successful login name appears on startup, so that part had me worried. Any info on its origination would be greatly appreciated.

One other thing: as a restricted user my kid is unable to use spell and grammar check in Office 97. Is there a method by which I can leave the access as restricted, whilst enabling the tools in Office 97?

Thanks,
JC


