Troj/Haxdoor-AY is a downloading Trojan for the Windows platform.
Troj/Haxdoor-AY creates the following registry entries in order to run automatically at Windows log-on:
On NT machines:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
DllName
<filename>
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Startup
expF4
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Impersonate
1
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Asynchronous
1
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
MaxWait
1
On 9x machines:
HKLM\System\CurrentControlSet\Control\MPRServices\TestService
DllName
<filename>
HKLM\System\CurrentControlSet\Control\MPRServices\TestService
EntryPoint
expF4
HKLM\System\CurrentControlSet\Control\MPRServices\TestService
StackSize
0
Troj/Haxdoor-AY downloads a file from a preconfigured website and executes it.