Troj/Feutel-F is a backdoor Trojan for the Windows platform.
When first run, Troj/Feutel-F copies itself to <Windows folder>\systemdll32.exe and drops the following files:
<Windows folder>\systemdll32.DLL
<Windows folder>\systemdll32Key.DLL
On Windows 9x computers, the Trojan creates the following registry entry in order to run automatically each time a user logs in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
systemdll32.exe
<Windows folder>\systemdll32.exe
On Windows NT based computers, the Trojan installs itself as a service named COMsys32, with a display name of "COM+ System32 Application". Registry entries will be created under the following branch:
HKLM\SYSTEM\CurrentControlSet\Services\COMsys32
In particular, the following registry entry will be set:
HKLM\SYSTEM\CurrentControlSet\Services\COMsys32
ImagePath
<Windows folder>\systemdll32.exe
Troj/Feutel-F contains backdoor functionality that allows a remote user to:
access the computer's file system.
create screen and video captures.
listen in on the infected computer.
download and upload files.