Troj/BluEye-D is a Backdoor generator toolkit. It is capable of recording keystrokes and opening a backdoor to allow access to the command shell on victim's computer. The keystrokes will be saved in a log file which an intruder can access via the backdoor.
When first run Troj/BluEye-D copies itself to:
<System>\msvchost.exe
<System>\ssvchost.com
and creates the following files:
\<filename>.cab
<System>\regc64.dll
The following registry entry is set to run ssvchost.com on startup:
HKLM\SOFTWARE\Microsoft\ActiveSetup\Installed Components\<CLSID>
StubPath
<System>\ssvchost.com
Registry entries are created under:
HKLM\SOFTWARE\LolLol\