Troj/Fireby-B is a proxy Trojan.
Troj/Fireby-B contacts a pre-specified website and then acts as a proxy server on a random port.
Troj/Fireby-B is a proxy Trojan.
The following registry entry is created to run Troj/Fireby-B on startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Anti-Virus Update Scheduler V1.39.12R
<pathname of the Trojan executable>
Troj/Fireby-B sets the following registry entries to try to bypass the Windows firewall:
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\List\
<full path of Trojan> =
<full path of Trojan>:*:Enabled:Server
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
FirewallPolicy\DomainProfile\AuthorizedApplications\List\
<full path of Trojan> =
<full path of Trojan>:*:Enabled:Server
Troj/Fireby-B contacts a pre-specified website and then acts as a proxy server on a random port.