Troj/Optix-D

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Included in our products from	December 2004 (3.88)
Protection available since	14 October 2004 07:52:16 (GMT)
Detected by	All Sophos products

Troj/Optix-D is a backdoor Trojan for the Windows platorm. The backdoor allows a remote attacker to connect to and control the infected computer.

Troj/Optix-D copies itself into the Windows system folder as smsiexec.exe and adds the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GLSetT32 = "<Windows system folder>\smsiexec.exe"

The Trojan may also add to or modify the win.ini and system.ini files and registry entries under:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCR\Exefile\Shell\Open\Command

Once the Trojan is installed it sends an email message to a remote attacker with information about the infected computer.

The backdoor includes funtions such as:

file transfer
keyboard logging
screen capture
video capture

Get reports about the latest virus and spyware threats delivered to your computer