Troj/Feutel-AD is a backdoor Trojan for the Windows platform.
Troj/Feutel-AD copies itself to the Windows folder with the name G_Server2.0.exe. On Windows 95/98/ME, the Trojan creates the following registry entry in order to be run automatically at logon:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
GrayPigeonServer2.0
G_Server2.0.exe
On NT-based versions of Windows (including Windows NT, 2K and XP) the Trojan installs itself as a service with the following characteristics:
servicename = GrayPigeonServer2.0
displayname = Gray_Pigeon_Server2.0
imagepath = C:\WINDOWS\G_Server2.0.exe
The Trojan injects code into the Windows explorer process in order to prevent itself from being terminated.