Troj/Small-ELY

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	18 August 2008 07:07:12 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Small-ELY is a proxy Trojan for the Windows platform.

When run Troj/Small-ELY copies itself to <Windows>\services.exe and sets the following registry entries:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4

HKLM\SOFTWARE\Microsoft\Security Center
FirewallDisableNotify
1

HKLM\SOFTWARE\Microsoft\Security Center
FirewallOverride
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
services
<Windows>\services.exe

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall
0

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
EnableFirewall
0

HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
Start
4

Registry entries may also be created under:

HKCU\Software\Microsoft\Internet Explorer\Desktop

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Small-ELY

Summary

Action

More Information