Troj/SpyTool-GK

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports


Troj/SpyTool-GK is a Trojan for the Windows platform.

The Trojan hooks into the Explorer process and attempts to terminate processes containing the following strings:

intrenat
iparmor
mailmon
passwordguard
ravmon

The Trojan also attempts to download and execute files from a remote site.

When first run, Troj/SpyTool-GK copies itself to the Windows system folder as msiapi.dll. The following registry entries are created by Troj/SpyTool-GK:

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{<CLSID>}
Msiapi.dll

HKCR\CLSID\{<CLSID>}\InprocServer32
@
<Windows system folder>\msiapi.dll

HKCR\CLSID\{<CLSID>}\InprocServer32
ThreadingModel
Apartment

Where <CLSID> is {FDF59742-06D6-12D2-8D71-00A0C98B38E6}.
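
The registry entries above can be checked offline against a `.reg` export. The following is an added example, not part of the original description: it parses export text and reports any ShellExecuteHooks entry whose CLSID or InprocServer32 DLL matches the values listed above. It assumes the export was decoded to text (`reg export` writes UTF-16) and uses the `HKEY_CLASSES_ROOT` root; the function names, the sample export and the second CLSID in it are constructed for illustration.

```python
import ntpath
import re

# Indicators taken from the description above.
KNOWN_CLSID = "{FDF59742-06D6-12D2-8D71-00A0C98B38E6}"
KNOWN_DLL = "msiapi.dll"
HOOKS_KEY = (r"hkey_local_machine\software\microsoft\windows"
             r"\currentversion\explorer\shellexecutehooks")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and " with a backslash

def parse_reg(text):
    """Parse string values of .reg export text into {key_lower: {name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))  # "" is the default (@) value
    return keys

def audit_hooks(text):
    """Return (clsid, dll, reasons) for each hook matching the indicators."""
    keys, findings = parse_reg(text), []
    for clsid in keys.get(HOOKS_KEY, {}):
        server_key = "\\".join(["hkey_classes_root", "clsid", clsid.lower(), "inprocserver32"])
        dll = keys.get(server_key, {}).get("", "")
        hits = {"clsid": clsid.upper() == KNOWN_CLSID,
                "dll": ntpath.basename(dll).lower() == KNOWN_DLL}
        if any(hits.values()):
            findings.append((clsid, dll, [k for k, v in hits.items() if v]))
    return findings

# Constructed sample export: one unrelated hook and the entries described above.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11111111-2222-3333-4444-555555555555}"=""
"{FDF59742-06D6-12D2-8D71-00A0C98B38E6}"="Msiapi.dll"
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\example.dll"
[HKEY_CLASSES_ROOT\CLSID\{FDF59742-06D6-12D2-8D71-00A0C98B38E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\msiapi.dll"
"ThreadingModel"="Apartment"
"""
```

Matching on the DLL name as well as the CLSID means an entry is still reported if only one of the two values is present in the export.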