Troj/Exchan-Gen

Aliases	Trojan-Downloader.Win32.Exchanger.a Trojan-Downloader.Win32.Exchanger.b TR/Crypt.FKM.Gen
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Included in our products from	April 2008 (4.28)
Protection available since	12 February 2008 03:46:12 (GMT)
Detected by	All Sophos products

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Exchan-Gen is a family of Trojans for the Windows platform.

Members of Troj/Exchan-Gen usually attempt to copy themselves to the Windows system folder, often with a filename of CbEvtSvc.exe or CcEvtSvc.exe, and create a service with the same name to run this file automatically on startup, creating registry entries at the following location:

HKLM\SYSTEM\CurrentControlSet\<Trojan filename>

Members of Troj/Exchan-Gen typically attempt to connect to a remote website and may download and execute further files from there.

Some members of Troj/Exchan-Gen drop a file to the Windows system folder, often with a filename of Apwcmdnt.dll. This file is also detected as Troj/Exchan-Gen.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Exchan-Gen

Summary

Action

More Information