W32/Frethog-C is a worm for the Windows platform.
W32/Frethog-C includes functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Frethog-C copies itself to <Temp>\nod1.tmp and creates the following files:
<Root>\autorun.inf
<Root>\lel3cx.com
<System>\optyhww0.dll
<System>\urretnd.exe
<System>\drivers\klif.sys
The following registry entry is created to run urretnd.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cbvcs
<System>\urretnd.exe