Troj/Tompai-D is a backdoor Trojan for the Windows platform.
Troj/Tompai-D opens a backdoor on the infected system and reports the infection both by contacting a predefined URL and by email.
Troj/Tompai-D gives the following options to a remote user:
Access folder.
Access parent folder.
Change attribute of file/folder.
Change drive.
Delete any file.
Execute any file.
Force PC to Shut Down.
Get IP WAN.
Get the date/time of the server.
Get the list of commands supported by the server.
Get the list of the directories.
Get the list of the files.
Logoff PC.
Logout from the server.
Reboot the PC.
Show the User.
Troj/Tompai-D will copy itself to C:\windows\system as Devices2.exe and Devicesnt.exe. The Trojan will then create the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Cmpnt
"C:\WINDOWS\system\Devices2.exe"
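
The Run entry above makes Windows start Devices2.exe at each boot, so the registry value and the two dropped files are the artifacts to look for on a suspect host. The following PowerShell check is an added example, not vendor code: the value name, file names and paths are taken from this description, while the WOW6432Node key, the %SystemRoot% lookup and the function name Find-TompaiDArtifact are assumptions added for illustration.

```powershell
# Added example, not vendor code. Indicator values come from the description above.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # Assumption: 32-bit registry view on 64-bit Windows, not listed in the description.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$ValueName = 'Cmpnt'
$FileNames = @('Devices2.exe', 'Devicesnt.exe')
# Assumption: also look under %SystemRoot%\system in case Windows is not in C:\windows.
$Dirs = @('C:\windows\system', (Join-Path $env:SystemRoot 'system')) | Sort-Object -Unique

# Hypothetical helper: emits one object per matching registry value or file.
function Find-TompaiDArtifact {
    foreach ($keyPath in $RunKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Match the documented value name, or any autorun that launches a dropped file.
            $hitsFile = $FileNames | Where-Object { $data -like ('*\' + $_ + '*') }
            if ($name -eq $ValueName -or $hitsFile) {
                [pscustomobject]@{ Type = 'RunValue'; Location = "$keyPath\$name"; Detail = $data }
            }
        }
    }
    foreach ($dir in $Dirs) {
        foreach ($file in $FileNames) {
            $path = Join-Path $dir $file
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                # Record the hash so the file can be checked against vendor detections.
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "SHA256 $hash" }
            }
        }
    }
}

$found = @(Find-TompaiDArtifact)
if ($found.Count -eq 0) { 'No Troj/Tompai-D artifacts from this description were found.' }
else { $found | Format-Table -AutoSize -Wrap }
```

A Cmpnt value on its own is not proof of infection, so review the Detail column before removing anything.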