Troj/Ciadoor-K is a backdoor Trojan for the Windows platform.
When first run, Troj/Ciadoor-K copies itself to <Windows system folder>\<random name>.ini and creates the following files:
<Windows system folder>\wsock32.sys
<Windows system folder>\ckl009.dat
The file wsock32.sys is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(random CLSID)
HKCR\CLSID\(random CLSID)
The following registry entry is set:
HKCU\Software\VB and VBA Program Settings\set\set
set = <random name>.ini
Troj/Ciadoor-K runs in the background listening on a preconfigured TCP port for connections from a remote intruder.
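The file and registry artifacts listed above can be checked on a host with a short PowerShell triage script. This is an added example, not vendor code; the InprocServer32 lookup, the SysWOW64 folder and the WOW6432Node registry views are assumptions about how the registration appears on a typical (possibly 64-bit) system, and a hit is a lead for investigation rather than a verdict.

```powershell
# Added example, not vendor code: triage a host for the artifacts listed above.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped files. SysWOW64 is included as an assumption for 64-bit hosts,
#    where a 32-bit process sees that folder as its system folder.
foreach ($dir in "$env:windir\System32", "$env:windir\SysWOW64") {
    foreach ($name in 'wsock32.sys', 'ckl009.dat') {
        $path = "$dir\$name"
        if (Test-Path -LiteralPath $path) { $findings.Add("File present: $path") }
    }
}

# 2. BHO registrations whose COM server is wsock32.sys or is not a .dll.
#    Assumes the usual InprocServer32 subkey; WOW6432Node covers 32-bit views.
$bhoSuffix = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views = @(
    @{ Bho = "HKLM:\SOFTWARE\$bhoSuffix"
       Cls = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    @{ Bho = "HKLM:\SOFTWARE\WOW6432Node\$bhoSuffix"
       Cls = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)
foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($bho in Get-ChildItem -LiteralPath $view.Bho) {
        $srvKey = "$($view.Cls)\$($bho.PSChildName)\InprocServer32"
        if (-not (Test-Path -LiteralPath $srvKey)) { continue }
        # GetValue('') reads the key's default value: the COM server path.
        $server = ([string](Get-Item -LiteralPath $srvKey).GetValue('')).Trim('"', ' ')
        if (-not $server) { continue }
        $leaf = [System.IO.Path]::GetFileName($server)
        if ($leaf -ieq 'wsock32.sys' -or $leaf -notlike '*.dll') {
            $findings.Add("Unusual BHO server: $($bho.PSChildName) -> $server")
        }
    }
}

# 3. The VB settings value that holds the <random name>.ini copy of the Trojan.
$vbKey = 'HKCU:\Software\VB and VBA Program Settings\set\set'
if (Test-Path -LiteralPath $vbKey) {
    $value = [string](Get-Item -LiteralPath $vbKey).GetValue('set')
    if ($value -like '*.ini') { $findings.Add("VB settings value 'set' = $value") }
}

if ($findings.Count) { $findings }
else { 'None of the listed Troj/Ciadoor-K artifacts were found.' }
```

The HKCU check covers only the account running the script, so run it per user profile on shared machines.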