high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 31 July 2005 15:40:28 (GMT) |
| Last updated | 13 January 2006 11:41:57 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Feutel-P is a backdoor Trojan which allows a remote intruder to gain access and control over the computer. It can provide keylogging functionality and steal other information about the host.
When first run Troj/Feutel-P copies itself to <Windows>\tw725.exe or <Windows>\G_Server.exe and creates the following files:
<Windows>\tw725.dll
<Windows>\uninstal.bat
or
<Windows>\G_Server.DLL
<Windows>\G_Server_Hook.DLL
The file tw725.exe is registered as a new system driver service named "Microsoft Updata ver2005", with a display name of "Microsoft Updata ver2005" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Microsoft Updata ver2005\
The file G_Server.exe is registered as a new system driver service named "GrayPigeonServer", with a display name of "Gray_Pigeon_Server" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\GrayPigeonServer\
Troj/Feutel-P changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\
It may also attempt to modify the host file under <Windows>\system32\drivers\etc\hosts.
Troj/Feutel-P may set the following registry entry:
HKCU\Software\Microsoft\Internet Explorer\Toolbar
Locked
1
|
