Sophos

Troj/Ranck-EK

Aliases
  • Win32/TrojanProxy.Agent.FB

Summary

 
Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Included in our products from: August 2006 (4.08)
Protection available since: 23 May 2006 21:17:32 (GMT)
Last updated: 25 June 2006 19:51:45 (GMT)
Detected by: All Sophos products

More Information

Troj/Ranck-EK is a proxy Trojan that allows a remote attacker to route network traffic through the infected computer.

Troj/Ranck-EK includes functionality to access the internet and communicate with a remote server via HTTP.

The following registry entry is created to run Troj/Ranck-EK on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Anti-Virus Update Scheduler V1.39.12R
<pathname of the Trojan executable>

The following registry entries are set, affecting internet security:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
(default)
:*:Enabled:svc
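
The two registry changes listed above can be checked for in saved `reg query` output collected from a host. The script below is an added example, not Sophos code; the function names, the assumed output layout (indented value lines separated by tabs or four spaces) and the sample data are constructed for illustration.

```python
import re

# Indicators copied from the description above.
RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "Anti-Virus Update Scheduler V1.39.12R"
FW_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
          r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
FW_DATA_SUFFIX = ":*:Enabled:svc"

# Assumed layout: indented "name<sep>REG_TYPE<sep>data", <sep> = tab or 4 spaces.
VALUE_LINE = re.compile(r"^\s+(.+?)(?:\t| {4})(REG_[A-Z_]+)(?:(?:\t| {4})(.*))?$")

def norm_key(key):
    """Expand the HKLM abbreviation and lower-case the key for comparison."""
    key = key.strip().rstrip("\\")
    if key.upper().startswith("HKLM\\"):
        key = "HKEY_LOCAL_MACHINE" + key[4:]
    return key.lower()

def parse_reg_query(text):
    """Parse saved `reg query` output into {key: [(name, type, data), ...]}."""
    values, current = {}, None
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match and current is not None:
            values[current].append(tuple(g or "" for g in match.groups()))
        elif line.startswith("HKEY_"):
            current = norm_key(line)
            values.setdefault(current, [])
    return values

def find_indicators(text):
    """Return (kind, value name, data) for each registry change listed above."""
    values, hits = parse_reg_query(text), []
    for name, _reg_type, data in values.get(norm_key(RUN_KEY), []):
        if name.lower() == RUN_VALUE_NAME.lower():
            hits.append(("run-key", name, data))
    for name, _reg_type, data in values.get(norm_key(FW_KEY), []):
        if data.lower().endswith(FW_DATA_SUFFIX.lower()):
            hits.append(("firewall-exception", name, data))
    return hits

# Constructed sample output; the executable paths are placeholders.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Anti-Virus Update Scheduler V1.39.12R    REG_SZ    C:\EXAMPLE\placeholder.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    (Default)    REG_SZ    :*:Enabled:svc
"""
```

A run-key hit also returns the pathname of the executable to quarantine, since the Run value's data is the Trojan's path.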
