Troj/Dloader-NY is a Trojan for the Windows platform.
Troj/Dloader-NY includes functionality to silently download, install and run new software. The downloaded software is then copied to the location <Windows>\windowsupdatemanager.exe and executed.
When first run Troj/Dloader-NY copies itself to any of the following filenames:
<Windows>\svcman.exe
<Windows>\svcrun.exe
<Windows>\localsvc.exe
<Windows>\websvc.exe
<Windows>\netsvc.exe
<Windows>\tcpsvc.exe
<Windows>\svcadmin.exe
<Windows>\spoolsvc.exe
The following registry entries are then randomly created to run Troj/Dloader-NY on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Service Manager
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Service Manager
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Run Services as Application
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Run Services as Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Local Services
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Local Services
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Web Services
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Web Services
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows .Net Manager
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows .Net Manager
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Tcp Application Manager
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Tcp Application Manager
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Services Administrator
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Services Administrator
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Spooler SubSystem Application
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Spooler SubSystem Application