Troj/Dloader-NY

Please follow the instructions for removing Trojans.

Troj/Dloader-NY is a Trojan for the Windows platform.

Troj/Dloader-NY includes functionality to silently download, install and run new software. The downloaded software is then copied to the location <Windows>\windowsupdatemanager.exe and executed.

When first run Troj/Dloader-NY copies itself to any of the following filenames:

<Windows>\svcman.exe
<Windows>\svcrun.exe
<Windows>\localsvc.exe
<Windows>\websvc.exe
<Windows>\netsvc.exe
<Windows>\tcpsvc.exe
<Windows>\svcadmin.exe
<Windows>\spoolsvc.exe

The following registry entries are then randomly created to run Troj/Dloader-NY on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Service Manager

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Service Manager

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Run Services as Application

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Run Services as Application

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Local Services

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Local Services

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Web Services

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Web Services

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows .Net Manager

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows .Net Manager

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Tcp Application Manager

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Tcp Application Manager

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Services Administrator

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Services Administrator

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Spooler SubSystem Application

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Spooler SubSystem Application