Troj/Edepol-C

Category: Viruses and Spyware
Type: Trojan
Prevalence: No Reports
Protection available since: 14 Jul 2006 00:00:00 (GMT)
Last Updated: 14 Jul 2006 00:00:00 (GMT)

Troj/Edepol-C is a backdoor Trojan for the Windows platform.

Troj/Edepol-C has been seen being dropped and run by a malicious PowerPoint file exploiting a vulnerability in Microsoft PowerPoint.

When first run, Troj/Edepol-C copies itself to <System>\rtfmsv.exe and <System>\regvrt.exe.

Troj/Edepol-C attempts to inject a DLL into the explorer.exe process. This DLL monitors keystrokes and periodically submits the logged data to a preconfigured IP address.

The Trojan may attempt to disable anti-virus applications.

The following registry entries are created to run rtfmsv.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
StartKey
<System>\rtfmsv.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(A5CDF7EC-751B-46aa-AD69-4005FE080DE9)
stubpath
<System>\rtfmsv.exe s

Registry entries are created under:

HKCU\Software\SKavx\
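
A read-only check for the file and registry artifacts listed above, as an added example that is not part of the original Sophos analysis. It assumes <System> is the Windows system folder, inspects only the current user's HKCU hive and the native registry view, and matches Active Setup entries on their stubpath data rather than on the component key name.

```powershell
# Added example: look for the Troj/Edepol-C artifacts named on this page.
# Nothing is modified; findings are only collected and printed.
$sys = [Environment]::SystemDirectory   # assumed to be the page's <System> folder
$findings = @()

# Copies the Trojan makes of itself when first run
foreach ($name in 'rtfmsv.exe', 'regvrt.exe') {
    $path = Join-Path $sys $name
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

# Run value "StartKey" (current user only; repeat per profile if needed)
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['StartKey']) {
    $findings += "Run value StartKey = $($run.StartKey)"
}

# Active Setup: flag any component whose stubpath launches rtfmsv.exe
$asRoot = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
Get-ChildItem -Path $asRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $stub = $_.GetValue('StubPath')   # registry value names are case-insensitive
    if ($stub -and $stub -match 'rtfmsv\.exe') {
        $findings += "Active Setup stubpath in $($_.PSChildName) = $stub"
    }
}

# Key the Trojan creates for its own data
if (Test-Path -Path 'HKCU:\Software\SKavx') {
    $findings += 'Key present: HKCU\Software\SKavx'
}

if ($findings) { $findings } else { 'No Troj/Edepol-C artifacts from this page found.' }
```

A StartKey value or an rtfmsv.exe file name alone is weak evidence; treat a host as suspect when several of these artifacts appear together.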
