Troj/Narod-D is a password-stealing Trojan for the Windows platform.
When first run, Troj/Narod-D copies itself to the Windows system folder as systemp.exe and drops two DLL components, sysp.dll and systemp.dll, into the same folder. A copy of the Trojan is also created with the filename sp.dat.
Troj/Narod-D may also open a backdoor and await commands from a remote attacker.
Troj/Narod-D creates the following registry entries in order to run as a service process:
HKCR\CLSID\<CLSID>\InProcServer32\
default = systemp.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
systemp = <CLSID>
Where <CLSID> is randomly generated.
Troj/Narod-D may also open a backdoor on port 3128 and await commands from a remote user.
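The artifacts listed above can be checked on a host with a read-only script. The following is an added example, not part of the original description; it assumes the "Windows system folder" is System32 (or SysWOW64 on 64-bit systems), an elevated PowerShell session, and a Windows version that provides Get-NetTCPConnection.

```powershell
# Added example: read-only check for the Troj/Narod-D artifacts described above.
$findings = @()

# 1. Dropped files. Assumption: "Windows system folder" = System32 / SysWOW64.
$dirs = @("$env:windir\System32", "$env:windir\SysWOW64") |
    Where-Object { Test-Path -LiteralPath $_ }
foreach ($dir in $dirs) {
    foreach ($name in 'systemp.exe', 'sysp.dll', 'systemp.dll', 'sp.dat') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
    }
}

# 2. Persistence: each ShellServiceObjectDelayLoad value holds a CLSID.
#    Resolve it to its InProcServer32 default value and flag systemp.dll.
$ssodl = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if (Test-Path -LiteralPath $ssodl) {
    $key = Get-Item -LiteralPath $ssodl
    foreach ($valueName in $key.GetValueNames()) {
        $clsid  = [string]$key.GetValue($valueName)
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
        $dll = ''
        if (Test-Path -LiteralPath $inproc) {
            # GetValue('') reads the key's default value
            $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
        }
        # The CLSID is random, so match on the value name and the DLL name.
        if ($valueName -like 'systemp*' -or $dll -like '*systemp.dll') {
            $findings += "SSODL entry: $valueName = $clsid -> $dll"
        }
    }
}

# 3. Backdoor listener. TCP 3128 is also a common proxy port, so a hit here
#    only matters together with the file or registry findings.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 3128 -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Listener on TCP 3128: PID $($l.OwningProcess) ($($proc.ProcessName))"
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output $_ }
} else {
    Write-Output 'No artifacts from this description were found.'
}
```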