Troj/TheMouse-A

Aliases	Backdoor.Win32.Agent.cx
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Drops more malware
Included in our products from	June 2006 (4.06)
Protection available since	6 October 2004 08:52:21 (GMT)
Last updated	20 April 2006 09:01:26 (GMT)
Detected by	All Sophos products

When first executed, Troj/TheMouse-A causes an immediate shut down.

Troj/TheMouse-A will drop various files including:

%windows%/notepad.ini
%system32%/dlyinf.exe

In order to start itself, it will attempt to append the string 'dlyinf' to the following strings in hex:

HKLM\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute

Get reports about the latest virus and spyware threats delivered to your computer