Troj/Madtol-A

Category: Viruses and Spyware
Protection available since: 08 Oct 2003 00:00:00 (GMT)
Type: Trojan
Last Updated: 05 Apr 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/Madtol-A allows other malware to run on the system without being detected.

Troj/Madtol-A can be configured to hide processes, files, folders, registry entries and Netstat entries.

The Trojan will typically be dropped and installed by other malware. When first run, Troj/Madtol-A copies itself to the Windows System folder and adds its pathname to the following registry entry to run itself automatically on startup:

HKLM\Software\Microsoft\Windows\Currentversion\Run\
<Trojan filename> = <SYSTEM>\<Trojan filename>

Troj/Madtol-A drops the files Explorer.dll and Iexplorer.dll to the Windows System folder. Whilst the Trojan is active, these files may be invisible, as may the above registry entry and any files, folders, registry entries or Netstat entries that the Trojan has been configured to hide.

The Trojan injects its stealthing code into the system EXPLORER process, so disinfection requires the computer to be restarted.
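Because the Run entry and dropped files may be hidden while the Trojan is active, a listing taken on the running system can be compared with one taken from the same disk while the Trojan is not running. The following is an added example, not Sophos code: the function names are hypothetical, the sample data is constructed, and the offline listings are assumed to come from a clean boot environment or a mounted copy of the disk, in `reg query` output format.

```python
import ntpath
import re

# Names the page says are dropped into the Windows System folder.
DROPPED_DLLS = {"explorer.dll", "iexplorer.dll"}
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")  # name, type, data

def parse_run_values(reg_query_text):
    """Return {value name: data} from `reg query ...\\Run` output."""
    values = {}
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def matches_page_shape(name, data):
    """True if the value looks like '<file> = <SYSTEM>\\<file>' from the page."""
    path = data[1:].split('"', 1)[0] if data.startswith('"') else data
    folder, leaf = ntpath.split(path)
    in_system = ntpath.basename(folder).lower() in ("system32", "system")
    return in_system and leaf.lower() == name.lower()

def cross_view(live_reg, offline_reg, live_files, offline_files):
    """Report what the offline view shows that the live (possibly hooked) view lacks."""
    live_names = {n.lower() for n in parse_run_values(live_reg)}
    offline_run = parse_run_values(offline_reg)
    hidden_run = {n: d for n, d in offline_run.items() if n.lower() not in live_names}
    offline_set = {f.lower() for f in offline_files}
    return {
        "hidden_run_values": sorted(hidden_run),
        "hidden_and_page_shaped": sorted(n for n, d in hidden_run.items() if matches_page_shape(n, d)),
        "hidden_files": sorted(offline_set - {f.lower() for f in live_files}),
        "dropped_dlls_present": sorted(DROPPED_DLLS & offline_set),
    }

# Constructed sample data; "example.exe" stands in for <Trojan filename>.
OFFLINE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
    example.exe    REG_SZ    C:\WINDOWS\system32\example.exe
"""
LIVE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
"""
OFFLINE_FILES = ["kernel32.dll", "Explorer.dll", "Iexplorer.dll", "example.exe"]
LIVE_FILES = ["kernel32.dll"]

if __name__ == "__main__":
    print(cross_view(LIVE_REG, OFFLINE_REG, LIVE_FILES, OFFLINE_FILES))
```

A self-named value in the System folder is not suspicious on its own; it is the combination with being absent from the live view that makes it worth investigating.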