Troj/Padodor-U is a password stealing Trojan.
When first run, Troj/Padodor-U will copy itself to the Windows System folder as SYSTEMIL.EXE. The Trojan will also create a copy of itself as IL.DAT.
Troj/Padodor-U will drop the files SYSIE.DLL and SYSIL.DLL. These files are detected as Troj/Padodor-N.
In order to run the Trojan automatically on startup, Troj/Padodor-U will set the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
ShellServiceObjectDelayLoad
systemil(Random CLSID)
HKCR\CLSID\(Random CLSID)\InProcServer32
(Default)
sysil.dll
Troj/Padodor-U monitors access to banking websites in order to steal username and password information.