Troj/Dloadr-BKC is a Trojan for the Windows platform.

Troj/Dloadr-BKC includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Dloadr-BKC copies itself to (System)\36Osafe.exe and creates the file Temp\~LoveU!.bAt, which can be safely deleted.


The following registry entry is created to run 36Osafe.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 36Osafe
System\36Osafe.exe

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\DsNiu\InjectDown V3.0

More information can be found at this Sophos page.