Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | February 2005 (3.90) |
| Protection available since | 7 January 2005 21:28:38 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
Change any data that may have become compromised.
More Information
Troj/Feutel-A is a downloader, keylogger and backdoor Trojan for the Windows platform.
Troj/Feutel-A attempts to download several files from preconfigured internet sites. The Trojan also sets up a keylogging component and a backdoor which allows a remote intruder to control the infected computer.
Troj/Feutel-A copies itself to the Windows folder as "G-Server.exe" and creates files in the same folder called "G_Server.DLL" and "G_Server_Hook.DLL". The Trojan may also create a temporary file which is then deleted.
On NT-based versions of Windows, Troj/Feutel-A registers itself as a service process called GrayPigeonServer with the display name "Gray_Pigeon_Server". Registry entries are created under HKLM\SYSTEM\CurrentControlSet\Services\GrayPigeonServer\ and HKLM\SYSTEM\CurrentControlSet\Services\mchInjDrv\
Troj/Feutel-A also creates the following registry entry:
HKCU\Software\Microsoft\Internet Explorer\Main\
Check_Associations
no
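
The file names, service keys and registry value above can be checked on a host with a read-only sweep such as the following. This is an added example, not Sophos code; the `Add-Finding` helper and the Strong/Supporting weighting are assumptions made here, and the script should be run from an elevated PowerShell session so the Services keys and other users' hives are readable.

```powershell
# Added example: read-only check for the Troj/Feutel-A artefacts named in this description.
# The 'Strong' / 'Supporting' weights are this example's own convention.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Weight, $Kind, $Item) {
    $findings.Add([pscustomobject]@{ Weight = $Weight; Kind = $Kind; Item = $Item })
}

# 1. Files copied or created in the Windows folder (names exactly as the description gives them).
foreach ($name in 'G-Server.exe', 'G_Server.DLL', 'G_Server_Hook.DLL') {
    $path = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record a hash so the file can be identified after cleanup.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Add-Finding 'Strong' 'File' "$path (SHA256 $hash)"
    }
}

# 2. Service registrations on NT-based Windows.
# mchInjDrv is weighted lower on the assumption that the name may not be unique to this Trojan.
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$services = @{ GrayPigeonServer = 'Strong'; mchInjDrv = 'Supporting' }
foreach ($svc in $services.GetEnumerator()) {
    $key = Join-Path $svcRoot $svc.Key
    if (Test-Path -LiteralPath $key) {
        $p = Get-ItemProperty -LiteralPath $key
        Add-Finding $svc.Value 'Service' "$key DisplayName='$($p.DisplayName)' ImagePath='$($p.ImagePath)'"
    }
}

# 3. Check_Associations = no is written under HKCU, so inspect every loaded user hive,
#    not only the account running the script. Users can set this value themselves
#    (it controls Internet Explorer's default-browser check), so it is supporting evidence only.
foreach ($hive in Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $key = "Registry::$($hive.Name)\Software\Microsoft\Internet Explorer\Main"
    $val = (Get-ItemProperty -LiteralPath $key -Name Check_Associations `
                -ErrorAction SilentlyContinue).Check_Associations
    if ($val -eq 'no') { Add-Finding 'Supporting' 'Registry' "$key Check_Associations=no" }
}

if ($findings.Count) {
    $findings | Sort-Object Weight | Format-Table -AutoSize -Wrap
} else {
    'No Troj/Feutel-A artefacts from this description were found.'
}
```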
