Troj/Slogger-F

Aliases	Trojan-Proxy.Win32.Wopla.n Downloader-JF.dr
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	7 December 2005 11:27:24 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

Troj/Slogger-F is a backdoor Trojan for the Windows platform.

When first run, Troj/Slogger-F copies itself to /.exe and create
s the file <System>/<random>.dll.

Troj/Slogger-F includes functionality to:

- communicate with remote servers via HTTP
- send email

The following registry entry is created to run code exported by the Trojan library on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
ShellServiceObjectDelayLoad
SysTray.Exiv
(2963ECFC-4E5C-2f3b-B334-D67434FC72E0)

The file <random>.dll is registered as a COM object, creating registry entries under:

HKCR\CLSID\(2963ECFC-4E5C-2f3b-B334-D67434FC72E0)

Troj/Slogger-F changes settings for Microsoft Internet Explorer by modifying values under:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\

Get reports about the latest virus and spyware threats delivered to your computer