Sophos

Troj/Agent-QY


Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 11 January 2006 21:27:23 (GMT)
Last updated: 25 January 2006 13:58:13 (GMT)
Detected by: All Sophos products
  • Endpoint Security and Control 9.0
  • Small business solutions 4.0

More Information

Troj/Agent-QY is a Trojan for the Windows platform.

Troj/Agent-QY includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, Troj/Agent-QY drops a DLL component to the system folder with the filename fldrsys.dll.

Troj/Agent-QY creates the following registry entry to ensure this DLL is loaded by Explorer on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
fldrsys
{A49667E0-E10C-4BAB-98B5-54FC5A6F3AF9}

The corresponding class identifier is created under:

HKCR\CLSID\{A49667E0-E10C-4BAB-98B5-54FC5A6F3AF9}\InprocServer32
@
fldrsys.dll
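
An added example, not part of the Sophos write-up: a Python check that reads a `reg export` text dump, lists every ShellServiceObjectDelayLoad entry with the DLL its CLSID resolves to, and flags the CLSID and filename named above. The sample dump and its `ExampleShellObject` entry are constructed for illustration.

```python
import re

# Indicators taken from the description above.
IOC_CLSID = "{A49667E0-E10C-4BAB-98B5-54FC5A6F3AF9}"
IOC_DLL = "fldrsys.dll"
SSODL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"

# Constructed sample in "reg export" text form; the second entry is a made-up benign placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fldrsys"="{A49667E0-E10C-4BAB-98B5-54FC5A6F3AF9}"
"ExampleShellObject"="{11111111-2222-3333-4444-555555555555}"

[HKEY_CLASSES_ROOT\CLSID\{A49667E0-E10C-4BAB-98B5-54FC5A6F3AF9}\InprocServer32]
@="fldrsys.dll"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\example.dll"
'''

def parse_reg(text):
    """Return {upper-cased key path: {value name: string data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; .reg escapes backslashes and quotes in data
                current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit_ssodl(text):
    """List every delay-loaded shell object with its DLL; flag matches on the page's indicators."""
    keys = parse_reg(text)
    findings = []
    for name, clsid in keys.get(SSODL.upper(), {}).items():
        server_key = "HKEY_CLASSES_ROOT\\CLSID\\%s\\InprocServer32" % clsid
        dll = keys.get(server_key.upper(), {}).get("@")  # None: CLSID has no registered DLL
        base = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower() if dll else None
        hit = clsid.upper() == IOC_CLSID or base == IOC_DLL
        findings.append((name, clsid, dll, hit))
    return findings

if __name__ == "__main__":
    for name, clsid, dll, hit in audit_ssodl(SAMPLE):
        print("MATCH" if hit else "ok   ", name, clsid, dll)
```

Files written by `reg export` are UTF-16 encoded, so decode them (for example `open(path, encoding="utf-16")`) before passing the text to `audit_ssodl`.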
