Troj/Proxy-GG

Category: Viruses and Spyware
Type: Trojan
Prevalence: No Reports


Troj/Proxy-GG is a proxy Trojan for the Windows platform. The Trojan allows a remote intruder to access the internet via the infected computer.

When Troj/Proxy-GG is installed, the following files are created:

<CurrentFolder>\<original Trojan filename>
<System>\inetinfo.exe
<System>\llsass.exe
<System>\lsmss.exe
<System>\mdm.exe

All of the created files are identical. The file includes functionality to access the internet and communicate with a remote server via HTTP.

The following registry entries are created to run inetinfo.exe, llsass.exe, lsmss.exe and mdm.exe on startup:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
run
mdm.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
lsmss.exe
lsmss.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(default)
llsass.exe

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
inetinfo.exe
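
A check for the files and startup entries listed above, written as an added example (it is not Sophos code). It assumes <System> is the folder returned by [Environment]::SystemDirectory and that "(default)" means the unnamed default value of the Run key.

```powershell
# Added example: look for the Troj/Proxy-GG artefacts described on this page.
# Assumption: <System> maps to [Environment]::SystemDirectory.
$names  = 'inetinfo.exe', 'llsass.exe', 'lsmss.exe', 'mdm.exe'
$sysDir = [Environment]::SystemDirectory

# 1. Files. The page states that every created file is the same, so listed
#    names that also share one SHA-256 are a stronger signal than a name alone.
$files = @(foreach ($n in $names) {
    $p = Join-Path $sysDir $n
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $h = Get-FileHash -LiteralPath $p -Algorithm SHA256
        [pscustomobject]@{ Path = $p; SHA256 = $h.Hash }
    }
})
$identical = @($files | Group-Object SHA256 | Where-Object Count -gt 1)

# 2. Registry. The four startup values from the page.
#    Name '' is the key's unnamed default value (assumed meaning of "(default)").
$winKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$checks = @(
    @{ Key = $winKey; Name = 'run';       Expect = 'mdm.exe' }
    @{ Key = $winKey; Name = 'load';      Expect = 'inetinfo.exe' }
    @{ Key = $runKey; Name = 'lsmss.exe'; Expect = 'lsmss.exe' }
    @{ Key = $runKey; Name = '';          Expect = 'llsass.exe' }
)
$regHits = @(foreach ($c in $checks) {
    $k = Get-Item -LiteralPath $c.Key -ErrorAction SilentlyContinue
    if ($k) {
        # Value data may hold a bare filename or a full path, so match on substring.
        $v = [string]$k.GetValue($c.Name)
        if ($v -like "*$($c.Expect)*") {
            [pscustomobject]@{ Key = $c.Key; Value = $c.Name; Data = $v }
        }
    }
})

# 3. Report.
$files   | Format-Table -AutoSize
$regHits | Format-Table -AutoSize
if ($identical.Count -gt 0) {
    'Two or more of the listed files are byte-identical (same SHA-256).'
}
if ($files.Count -eq 0 -and $regHits.Count -eq 0) {
    'None of the listed files or startup entries were found.'
}
```

inetinfo.exe and mdm.exe are also the names of legitimate Microsoft binaries, so treat a name match as a lead and rely on the identical-hash result and the startup entries to confirm it.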
