| Port No | 5135 |
| Service Name | Bmail |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This backdoor malware connects a user anonymously to an file transmission protocol (ftp) server. It also modifies registry keys. |
| Reference Link | BMAIL |
| Attack | Solution: Click Start>Run, type Regedit then hit the Enter key. In the left panel, click the "+" to the left of the following: HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion Run In the right panel, look for and then delete this registry data value: SetFTPBack = %Windows%\System\CreatesW.exe Close the registry. Restart your system. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_FTPBMAIL.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. In case an updated version of this backdoor malware is released in the wild, Trend Micro advises that you check the %Windows%\System for a Createsw.Exe file. On NT based systems, check the %Windows%\System32 folder. %Windows% is the Windows directory usually located at C:\Windows. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.