Aliases
- TR/Rootkit.Gen
- Trojan-Proxy.Win32.Small.du
- Trojan-Proxy.Win32.Small.ck
Characteristics
- Turns off anti-virus applications
- Steals information
- Uses its own emailing engine
- Downloads code from the internet
- Installs itself in the registry
- Exploits known vulnerabilities
Affected Operating Systems
Recovery Instructions:
Please follow the instructions for removing Trojans.
Because of its stealth functionality, removing Troj/SpamToo-AY requires the use of Sophos Anti-Rootkit. When scanned using this tool, a computer infected with Troj/SpamToo-AY will report an "Unknown hidden process" and a "Hidden registry value", both referring to a hidden file. Many legitimate Windows system files will also be reported as hidden; these should not be removed. Therefore, select clean-up only for the file referred to as a hidden process.