Troj/DwnLdr-FYD is a downloader Trojan for the Windows platform.
When run, Troj/DwnLdr-FYD creates the following files:
<System>\peers.ini - this file can be safely deleted
<System>\wincom32.sys - this file is detected as Troj/DwnLdr-FYD
Troj/DwnLdr-FYD is registered as a new system driver service named "wincom32" with a display name of "wincom32" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32\
HKLM\SYSTEM\CurrentControlSet\Services\wincom32\
Troj/DwnLdr-FYD includes functionality to:
- download code from the internet
- attach code to the process SERVICES.EXE
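
A host check for the files and registry entries listed above, as an added example that is not part of the original description or vendor tooling. The function name Test-WinCom32Indicators is hypothetical, and <System> is assumed to be the Windows system folder.

```powershell
# Added example, not vendor code. Assumption: <System> is the Windows system
# folder returned by [Environment]::SystemDirectory (e.g. C:\Windows\System32).
function Test-WinCom32Indicators {
    $findings = @()

    # Files the description lists as created when the Trojan runs
    foreach ($name in 'wincom32.sys', 'peers.ini') {
        $path = Join-Path ([Environment]::SystemDirectory) $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            # Hash is recorded so the sample can be matched or submitted later
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            $findings += [pscustomobject]@{
                Type      = 'File'
                Indicator = $path
                Detail    = "created $($item.CreationTimeUtc.ToString('u')), SHA256 $hash"
            }
        }
    }

    # Registry keys the description lists for the "wincom32" driver service
    $keys = 'HKLM:\SYSTEM\CurrentControlSet\Services\wincom32',
            'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32'
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            $detail = 'key present'
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            if ($props -and $null -ne $props.Start) {
                # Service keys: Start = 2 is the automatic startup type
                $detail = "Start=$($props.Start) Type=$($props.Type) ImagePath=$($props.ImagePath)"
            }
            $findings += [pscustomobject]@{ Type = 'Registry'; Indicator = $key; Detail = $detail }
        }
    }
    return $findings
}

$result = Test-WinCom32Indicators
if ($result) {
    $result | Format-Table -AutoSize -Wrap
} else {
    'None of the listed files or registry keys were found.'
}
```

Run it from a 64-bit PowerShell session; a 32-bit session on 64-bit Windows has the system folder redirected to SysWOW64.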