Troj/Ranck-DQ

Aliases	Trojan-Proxy.Win32.Agent.if
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	8 February 2006 11:01:43 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

Troj/Ranck-DQ is a backdoor Trojan that allows a remote intruder to route HTTP
traffic through the infected computer.

The following registry entry is created to run Troj/Ranck-DQ on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ihost.exe
<pathname of the Trojan executable>

Troj/Ranck-DQ may also modify the following registry entry:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile
EnableFirewall

Troj/Ranck-DQ when run listens on a randomly chosen TCP port and redirects HTTP
traffic.

Get reports about the latest virus and spyware threats delivered to your computer