Troj/PPdoor-N

Aliases	Backdoor.Win32.PPdoor.aa BackDoor-CHC
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	10 August 2005 08:12:36 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Troj/PPdoor-N is a backdoor Trojan for the Windows platform.

When Troj/PPdoor-N is installed the following files are created:

<System>\vnetbsh.dll
<System>\wtadraaa.dll

Both DLL files are non-executable and can be deleted.

The following registry entries are created to run the Trojan and any exported library code on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Client Agent
<System>\ipxwping.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Internet Agent
<random classid>

Troj/PPdoor-N will act as a backdoor Trojan that will listen for backdoor commands. The Trojan may also act as a SOCKS, mail and P2P proxy.

Get reports about the latest virus and spyware threats delivered to your computer