Sophos

Troj/Proxmeg-B


Summary

Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: October 2005 (3.98)
Protection available since: 16 August 2005 04:47:15 (GMT)
Detected by: All Sophos products

More Information

Troj/Proxmeg-B is a proxy Trojan with downloader capabilities and may be used to send spam email.

When Troj/Proxmeg-B is installed, it creates the file <System>\floop.dll. This file is detected as Troj/Proxmeg-B.

Troj/Proxmeg-B includes functionality to:

- provide a proxy server on port 1080
- access the internet and communicate with a remote server via HTTP
- change internet security settings
- suppress error and warning messages generated by Windows system and security related applications

Troj/Proxmeg-B also has downloading capability and may download files to <Temp>\file.exe.

In order to run the DLL automatically, Troj/Proxmeg-B will set the following registry entries:

HKCR\CLSID\(random classID)\InProcServer32
(default)
<System>\floop.dll

HKCR\CLSID\(random classID)\InProcServer32
ThreadingModel
Apartment

Troj/Proxmeg-B will also create the following registry entries, which cause Explorer to load the COM object registered under the random CLSID (and so the DLL it points to) on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
(random classID)
OLE Object

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
(random classID)
OLE Object
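
The persistence chain above (an autostart entry naming a CLSID, and that CLSID's InProcServer32 pointing at the DLL) can be audited offline from a registry export. The following is an added example, not Sophos code: it parses a constructed .reg export, resolves every CLSID referenced from SharedTaskScheduler and ShellServiceObjectDelayLoad to its registered DLL, and flags any that matches the floop.dll indicator from this advisory or has no server registered at all. The CLSIDs, key layout of the benign entry and DLL paths in the sample are invented.

```python
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Explorer autostart keys named in the advisory; Explorer loads each listed CLSID's COM server at logon.
AUTOSTART_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
)

# Constructed .reg export; the CLSIDs and the benign entry are invented, only floop.dll is from the advisory.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ExampleBenign"="{11111111-1111-1111-1111-111111111111}"
"{7A1B2C3D-0000-4000-8000-00000000BEEF}"="OLE Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7A1B2C3D-0000-4000-8000-00000000BEEF}"="OLE Object"
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InProcServer32]
@="C:\\WINDOWS\\system32\\benign.dll"
[HKEY_CLASSES_ROOT\CLSID\{7A1B2C3D-0000-4000-8000-00000000BEEF}\InProcServer32]
@="C:\\WINDOWS\\system32\\floop.dll"
"ThreadingModel"="Apartment"
"""

def parse_reg(text):
    """Parse a .reg export into {key_path: [(value_name, data), ...]}; "@" is the default value."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current].append((m.group(1).strip('"'), m.group(2).strip('"').replace("\\\\", "\\")))
    return keys

def audit_shell_autostarts(text, indicators=("floop.dll",)):
    """One finding per CLSID referenced from the autostart keys; flagged when its DLL matches an indicator or no server is registered."""
    keys = parse_reg(text)
    servers = {}  # CLSID -> DLL from HKCR\CLSID\{...}\InProcServer32 (default value)
    for path, values in keys.items():
        parts = path.split("\\")
        if len(parts) == 4 and parts[1].upper() == "CLSID" and parts[3].upper() == "INPROCSERVER32":
            servers.update({parts[2].upper(): d for n, d in values if n == "@"})
    findings = []
    for key in AUTOSTART_KEYS:
        for name, data in keys.get(key, []):
            for clsid in GUID_RE.findall(name + " " + data):  # CLSID may be the name or the data
                dll = servers.get(clsid.upper())
                flagged = dll is None or dll.lower().rsplit("\\", 1)[-1] in indicators
                findings.append({"key": key.rsplit("\\", 1)[-1], "clsid": clsid, "dll": dll, "flagged": flagged})
    return findings
```

On a live host the same export is produced with `reg export` of the three keys above; an unflagged entry still deserves a look if its DLL is unsigned or unfamiliar, since the indicator list only covers this one sample.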

The following registry entry is set, affecting internet security:

HKCU\Software\Microsoft\Internet Explorer\Security\selfdel
<path to Trojan>

Troj/Proxmeg-B will attempt to suppress error and warning messages generated by Windows system and security related applications.
