Troj/PPdoor-B is a backdoor Trojan with proxy functionality.
In order to run automatically each time Explorer is run, Troj/PPdoor-B may set the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
NTDBGTOOL = <CLSID>

HKCR\CLSID\<CLSID>\InProcServer32
(Default) = <path to Trojan DLL>
Troj/PPdoor-B will attempt to bypass the Windows XP Firewall by setting the following registry entries:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
DoNotAllowExceptions = 0

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
<path to filename EXE> = <path to filename EXE>*:enabled:<filename>
where the filename will correspond to either a dropper Trojan or Explorer if the Trojan DLL has been loaded automatically.
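The registry entries listed above can be checked offline against a registry export. The following is an added example, not part of the original description: the function names, the sample export, the CLSID and the file paths in it are constructed placeholders.

```python
import re

# Constructed sample in .reg export format; CLSID and paths are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"NTDBGTOOL"="{00000000-0000-0000-0000-000000000001}"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
@="C:\\WINDOWS\\system32\\example.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe*:enabled:explorer"
'''
# Key paths are compared lower-cased because registry key names are case-insensitive.
SSODL = r"hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload"
FW = r"hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile"

def parse_reg(text):
    """Map lower-cased key path -> {value name: data}; '@' is the (Default) value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:  # drop surrounding quotes and undo the export's backslash doubling
                name, data = (s.strip('"').replace("\\\\", "\\") for s in m.groups())
                current[name] = data
    return keys

def find_indicators(text):
    """Return (indicator, subject, detail) tuples for the entries this page lists."""
    keys, hits = parse_reg(text), []
    clsid = keys.get(SSODL, {}).get("NTDBGTOOL")
    if clsid:  # follow the CLSID to the DLL registered as its in-process server
        dll = keys.get("hkey_classes_root\\clsid\\" + clsid.lower() + "\\inprocserver32", {}).get("@")
        hits.append(("ssodl_persistence", clsid, dll))
    if keys.get(FW, {}).get("DoNotAllowExceptions") == "dword:00000000":
        hits.append(("firewall_exceptions_allowed", "DomainProfile", None))
    for name, data in keys.get(FW + r"\authorizedapplications\list", {}).items():
        if "*:enabled:" in data.lower():  # entries to review against known software
            hits.append(("firewall_authorized_app", name, data))
    return hits
```

Files written by reg export are UTF-16, so decode them with encoding="utf-16" before passing the text to find_indicators. The two firewall checks only list entries for review; the NTDBGTOOL value is the entry specific to this Trojan.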
Troj/PPdoor-B will drop two data files named DMCICAAA.DLL and MSNET64.DLL to the Windows system folder.
Troj/PPdoor-B will act as a backdoor Trojan that will listen for backdoor commands. The Trojan may also act as a SOCKS, mail and P2P proxy.