Sophos

Troj/Gonori-A


Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 4 May 2005 12:36:08 (GMT)
Detected by: All Sophos products
  • Endpoint Security and Control 9.0
  • Small business solutions 4.0

More Information

Troj/Gonori-A is a Trojan for the Windows platform.

Troj/Gonori-A contains the popular minesweeper game, but drops a backdoor Trojan file when the game is exited.

Troj/Gonori-A downloads instructions from a number of preconfigured internet sites.

Troj/Gonori-A creates the file "system" in the Windows system folder.

The Trojan sets the following registry entry so that it runs every time an EXE file is run on the infected computer:

HKCR\exefile\Shell\open\command
@
%System%\System "%1" %*

By default this entry is

HKCR\exefile\Shell\open\command
@
"%1" %*

The Trojan creates the following registry entry:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
NoSplash
1

Troj/Gonori-A also creates a number of registry entries for its own use under:

HKCU\Software\Microsoft\Mole
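
One way to check a registry export (.reg text) for the three changes listed above, as an added example that is not Sophos code. The function names, the sample exports and the expanded path C:\WINDOWS\system32 are constructed for illustration.

```python
import re
# Registry indicators from the write-up above (matched case-insensitively).
EXE_CMD = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
NOSPLASH = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions"
MOLE = r"HKEY_CURRENT_USER\Software\Microsoft\Mole"
DEFAULT_EXE_CMD = '"%1" %*'

def _unescape(s):
    return re.sub(r"\\(.)", lambda m: m.group(1), s)  # \\ -> \ and \" -> "
def parse_reg(text):
    """Parse .reg export text into {key: {value name: data}}, names lowercased."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group(1), m.group(2)
        name = name if name == "@" else _unescape(name[1:-1]).lower()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = _unescape(raw[1:-1])       # REG_SZ
        elif raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)           # REG_DWORD
    return keys

def check(text):
    """Return a list of findings for the three registry changes described above."""
    reg, findings = parse_reg(text), []
    cmd = reg.get(EXE_CMD.lower(), {}).get("@")
    if cmd is not None and cmd != DEFAULT_EXE_CMD:
        findings.append("exefile open command is not the default: " + cmd)
    if reg.get(NOSPLASH.lower(), {}).get("nosplash") == 1:
        findings.append("Infodelivery NoSplash is set to 1")
    if any((k + "\\").startswith(MOLE.lower() + "\\") for k in reg):
        findings.append("HKCU\\Software\\Microsoft\\Mole is present")
    return findings

# Constructed sample exports, not taken from a real host.
INFECTED = r'''[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\System \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]
"NoSplash"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Mole]
'''
CLEAN = r'''[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
```

The comparison against the default command is exact, so any other handler string is reported and needs review before the default is restored.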
