high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 13 March 2008 13:19:24 (GMT) |
| Detected by | All Sophos products |
Sophos beta program
- Endpoint Security and Control 9.0
- Small business solutions 4.0
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Agent-GSG is a Trojan for the Windows platform.
Troj/Agent-GSG includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Agent-GSG is installed the following files are created:
<User>\Local Settings\Application Data\spool.exe
<Temporary Internet Files>\Content.IE5\od6fwfox\getupdate[1].htm
<Temporary Internet Files>\Content.IE5\od6fwfox\webbibleschool[1].htm
<System>\drivers\ctfmon.exe
The following registry entries are created to run Troj/Agent-GSG on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
autoload
<User>\Local Settings\Application Data\spool.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ntuser
<System>\drivers\ctfmon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
autoload
<User>\Local Settings\Application Data\spool.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ntuser
<System>\drivers\ctfmon.exe
The file <System>\drivers\ctfmon.exe is registered as a service named "Schedule" (replacing any existing services named "Schedule"). Registry entries are created or modified under:
HKLM\SYSTEM\CurrentControlSet\Services\Schedule
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UIHost
logonui.exe
|
