Troj/Tofger-AP

Aliases	Trojan-Dropper.Win32.Small.gr MultiDropper-GP.d
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	26 July 2005 20:47:08 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Troj/Tofger-AP is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

The Trojan is able to log keypresses. Stolen information is sent to a remote user by email.

When Troj/Tofger-AP is installed the following files are created:

<Windows>\adrt32.dll
<Windows>\svchost.exe
<Windows>\winili.ini

The files adrt32.dll and svchost.exe are also detected as Troj/Tofger-AP. The file winili.ini is used to store stolen information.

The following registry entry is created to run svchost.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Perfomance Settings
<Windows>\svchost.exe

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Rotym\

Get reports about the latest virus and spyware threats delivered to your computer