Troj/Proxy-S is a backdoor Trojan that allows a remote intruder to gain access to and control over the computer.
Troj/Proxy-S includes functionality to access the internet and communicate with a remote server via HTTP.
When first run, Troj/Proxy-S copies itself to <System>\fwdmon.exe.
The following registry entry is created to run fwdmon.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
FWDMON.EXE
<System>\fwdmon.exe
The following registry entries are set, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
<Windows>\System32\fwdmon.exe
<System>\fwdmon.exe:*:Enabled:FWDMON.EXE
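The two artefacts above (the Run value and the firewall exception of the form path:scope:state:name) can be checked for in saved `reg query` output. The following is an added example, not part of the original description or any vendor tool; the sample text is constructed, C:\WINDOWS\system32 stands in for <System>, and the function names are hypothetical.

```python
import re

# Constructed sample of `reg query` output (not captured from a real host);
# C:\WINDOWS\system32 is an assumed stand-in for the page's <System> placeholder.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    FWDMON.EXE    REG_SZ    C:\WINDOWS\system32\fwdmon.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\WINDOWS\system32\fwdmon.exe    REG_SZ    C:\WINDOWS\system32\fwdmon.exe:*:Enabled:FWDMON.EXE
    C:\Program Files\Example\app.exe    REG_SZ    C:\Program Files\Example\app.exe:LocalSubNet:Disabled:Example App
"""

# Value lines are indented and use four spaces between name, type and data.
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

def parse_reg_query(text):
    """Return {key: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(3)
        elif line.startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
    return keys

def parse_fw_exception(data):
    # The path contains ':' after the drive letter, so split from the right.
    # Assumes scope and display name contain no ':' (true for the entry above).
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        return None
    path, scope, state, name = parts
    return {"path": path, "scope": scope, "enabled": state.lower() == "enabled", "name": name}

def find_indicators(text, image="fwdmon.exe"):
    """List autorun values and enabled firewall exceptions that point at image."""
    hits, suffix = [], "\\" + image
    for key, values in parse_reg_query(text).items():
        for name, data in values.items():
            if key.lower().endswith(r"\currentversion\run"):
                if data.lower().rstrip('"').endswith(suffix):
                    hits.append(("autorun", name, data))
            elif key.lower().endswith(r"\authorizedapplications\list"):
                rule = parse_fw_exception(data)
                if rule and rule["enabled"] and rule["path"].lower().endswith(suffix):
                    hits.append(("firewall-exception", rule["scope"], rule["path"]))
    return hits
```

A scope of `*` in a hit means the exception admits traffic from any address, which is what the entry listed above grants to fwdmon.exe.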