Troj/SpamToo-AV is a Trojan for the Windows platform.
Troj/SpamToo-AV includes functionality to:
- Access the internet and communicate with a remote server via HTTP.
- Act as an email spam proxy.
When first run, Troj/SpamToo-AV copies itself to <Temp>\<original filename>.
Troj/SpamToo-AV creates the following files:
- <System>\rsvp322.dll - detected as Mal/Cimuz-D.
- <System>\sporder.dll - clean, can be deleted safely.
The following registry entry is created in order to bypass the Windows firewall:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\<Program Files>\Internet Explorer\IEXPLORE.EXE
<Program Files>\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
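A triage check for the firewall entry above, as an added example that is not part of the original description: it parses the text printed by `reg query` for the AuthorizedApplications\List key and flags an enabled, any-address exception for IEXPLORE.EXE. The function names and the sample output are constructed for illustration, and `C:\Program Files` is an assumed expansion of `<Program Files>`.

```python
import re
from typing import NamedTuple

# Value data layout as it appears in the entry above: <path>:<scope>:<state>:<name>.
# The path contains a drive-letter colon, so it is matched lazily and the
# scope/state fields anchor the split.
DATA_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]+):"
                     r"(?P<state>Enabled|Disabled):(?P<name>.*)$", re.I)
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
LINE_RE = re.compile(r"^\s{4}(?P<value>.+?)\s{4}REG_(?:EXPAND_)?SZ\s{4}(?P<data>.*)$")

class FirewallEntry(NamedTuple):
    path: str
    scope: str
    enabled: bool
    name: str

def parse_authorized_apps(reg_output: str) -> list[FirewallEntry]:
    """Parse `reg query <List key>` text into firewall exception entries."""
    entries = []
    for line in reg_output.splitlines():
        row = LINE_RE.match(line)
        data = DATA_RE.match(row["data"].strip()) if row else None
        if data:
            entries.append(FirewallEntry(data["path"], data["scope"],
                                         data["state"].lower() == "enabled",
                                         data["name"]))
    return entries

def matches_page_indicator(entry: FirewallEntry) -> bool:
    """True for an enabled, any-address (*) exception for IEXPLORE.EXE."""
    exe = entry.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return entry.enabled and entry.scope == "*" and exe == "iexplore.exe"

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Tools\sync.exe    REG_SZ    C:\Tools\sync.exe:LocalSubNet:Enabled:Sync client
    C:\Program Files\Internet Explorer\IEXPLORE.EXE    REG_SZ    C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
    C:\Tools\backup.exe    REG_SZ    C:\Tools\backup.exe:LocalSubNet:Disabled:Backup agent
"""

if __name__ == "__main__":
    for e in parse_authorized_apps(SAMPLE):
        flag = "REVIEW" if matches_page_indicator(e) else "ok"
        print(f"{flag:6} {e.path} scope={e.scope} enabled={e.enabled}")
```

A match is a reason to look for the dropped files listed above, not proof of infection on its own.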