Troj/Dloader-WD is a Trojan for the Windows platform.
Troj/Dloader-WD includes functionality to access the internet, download and execute remote code without user permission.
When first run Troj/Dloader-WD copies itself to:
<System>\notetxt.exe
<System>\slcsvr.exe
The following registry entry is created to run slcsvr.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Select server
<System>\slcsvr.exe
The following registry entry is set or modified, so that notetxt.exe is run when files with extensions of TXT are opened/launched:
HKCR\txtfile\shell\open\command
(default)
NOTETXT.EXE %1