Troj/NetDevil-A

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	7 August 2005 14:30:11 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Troj/NetDevil-A is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

When first run Troj/NetDevil-A copies itself to <System>\iexplorer.ie.

Troj/NetDevil-A sets the following registry entry so as to run itself on system startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
iexplorer=
<System>\iexplorer.ie

Troj/NetDevil-A sets the following registry entries so as to run the copy of itself correctly with the .ie extension:

HKCR\.ie\
(default)=
iefile

HKCR\iefile\shell\open\command\
(default)=
%1

The Trojan may attempt to terminate processes related to anti-virus and security applications.

Get reports about the latest virus and spyware threats delivered to your computer