Troj/Feutel-CE is a backdoor Trojan for the Windows platform.
Troj/Feutel-CE includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Feutel-CE copies itself to <Windows>\G1_Server.exe and creates the following files:
<Windows>\G1_Server.DLL
<Windows>\G1_Server_Hook.DLL
The files G1_Server.DLL and G1_Server_Hook.DLL are detected as Troj/Feutel-AN.
The file G1_Server.exe is registered as a new system driver service named "GrayPigeonServer", with a display name of "Gray_Pigeon_Server" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\GrayPigeonServer\
Troj/Feutel-CE changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\