Troj/Legmir-Q is a password-stealing Trojan.
In order to run automatically when Windows starts up the Trojan copies
itself as INTRENAT.EXE and WINSOCKS.DLL to the Windows folder and
Windows system folder and adds the following registry entries in order to run
on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Intrenat
= C:\WINDOWS\intrenat.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Intrenat
= C:\WINDOWS\intrenat.exe
Troj/Legmir-Q may also attempt to drop a keylogging dll. This file is
already detected as Troj/Legmir-E.