Troj/Small-ER

Aliases	Trojan-Downloader.Win32.Small.bug Downloader-GS
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	1 November 2005 15:28:44 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

Troj/Small-ER is a backdoor Trojan which can be used as a proxy and
is capable of downloading and executing arbitrary files.

Troj/Small-ER drops child.dll in the Windows system folder and sets the
following registry entries to ensure startup on system logon.

HKCR\CLASSES\CLSID\(4F141CBA-1457-6CCA-03A7-7AA21B61EA0F)
InProcServer32
<System>\child.dll

HKCR\CLSID\(4F141CBA-1457-6CCA-03A7-7AA21B61EA0F)
InProcServer32\ThreadingModel
Apartment

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ SharedTaskScheduler\
(4F141CBA-1457-6CCA-03A7-7AA21B61EA0F)
OutPost FireWall

To avoid detection, Troj/Small-ER may delete netlog.exe on startup.

Get reports about the latest virus and spyware threats delivered to your computer