Troj/Autotroj-C is a simple Trojan that moves itself to the Windows System folder as a file with a name selected from the following list:
wininet.exe
webcheck.exe
winspool.exe
wupdmgr.exe
services.exe
svchost.exe
taskmon.exe
taskman.exe
system.exe
winlogon.exe
explorer.exe
update.exe
Troj/Autotroj-C will set one of the registry entries below to point to the newly copied file, ensuring that it will be executed on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System Update2
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\System Update2
Troj/Autotroj-C may also set the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\PrivData2
HKCU\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\UserTime2
HKCU\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\EnableAutodial
HKCU\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ProxyEnable
Troj/Autotroj-C may attempt to connect to one of a list of web sites and use a running instance of a web browser to display the page.