Troj/DwnLdr-FVC

Aliases	Trojan-Downloader.Win32.Small.dwc
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Included in our products from	December 2006 (4.12)
Protection available since	8 November 2006 05:33:18 (GMT)
Detected by	All Sophos products

Troj/DwnLdr-FVC is a Trojan for the Windows platform.

When Troj/DwnLdr-FVC is installed it creates the file <Common Files>\System\<random characters>.dll. This file can be safely deleted.

The following registry entry is created to run code exported by Network Neighborhood on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\SharedTaskScheduler
(9F143C3A-1457-6CCA-03A7-7AA23B61E40F)
Network Neighborhood

The file kbui32.dll is registered as a COM object, creating registry entries under:

HKCR\CLSID\(9F143C3A-1457-6CCA-03A7-7AA23B61E40F)

Troj/DwnLdr-FVC includes functionality to:

- run netshell commands to allow processes to bypass existing firewall settings
- download code from the internet

Get reports about the latest virus and spyware threats delivered to your computer