Bohmini.A

Bohmini.A is a configurable remote access tool or Trojan.

Bohmini.A exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2. Adobe Flash 9.0.124 is not known to be vulnerable to Bohmini.A. In July 2008, it was known that Bohmini.A spread as malvertising from 247mediadirect through an advertising network via the social networking site Facebook.

Bohmini.A is detected by at least one known anti-virus product; Microsoft Windows Live OneCare. However, as of August 12, 2008, Microsoft Windows Live OneCare does not remove Bohmini.A completely, although it claims to have detected and removed it.

To remove Bohmini.A under Windows XP, run a known detecting anti-virus product such as Windows Live OneCare and then go to Control Panel and select Switch to Classic View. Then select Scheduled Tasks and remove all tasks with the prefix At such as At1, ..., At24.

The Bohmini.A installation is customizable and therefore each of the implementations vary. For example, the executable names vary.

Bohmini.A is configured to notify and update itself over HTTP.