Troj/Tofger-O

Feb 27, 2004 12:16AM PST

Aliases
TrojanDropper.Win32.OnlineService, MultiDropper-GP.a, TROJ_BIZAI.A

Type
Trojan

Description
Troj/Tofger-O is a multi-component Trojan that consists of a main dropper, a backdoor Trojan component and a keylogging component.
The Trojan attempts to terminate processes named svchost.exe, drops the following files, and then executes C:\<Windows>\SVCHOST.EXE:

C:\<Windows>\MSTO32.DLL
C:\<Windows>\SVCHOST.EXE
C:\<Windows>\SYSINI.INI
C:\<Windows>\wingua_.EXE

Troj/Tofger-O also adds the following entry to the registry to run SVCHOST.EXE on system restart:


More: http://www.sophos.com/virusinfo/analyses/trojtofgero.html
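
A name-based triage check for the dropped files listed above, added here as an example; it is not code from the original post or from Sophos. It assumes the post's <Windows> placeholder means the Windows directory (C:\Windows by default, or %WINDIR% on a live system), and the function names and sample listing are constructed. A name match is a lead for further inspection, not a confirmation of infection.

```python
import ntpath
import os

# File names the post lists as dropped into the Windows directory (lower-cased).
DROPPED_NAMES = {"msto32.dll", "svchost.exe", "sysini.ini", "wingua_.exe"}


def find_tofger_artifacts(paths, windows_dir=r"C:\Windows"):
    """Return (path, reason) for files sitting directly in windows_dir whose
    name matches the post's list. windows_dir is an assumed stand-in for the
    post's <Windows> placeholder."""
    win = ntpath.normcase(ntpath.normpath(windows_dir))
    hits = []
    for path in paths:
        parent, name = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
        if parent != win or name not in DROPPED_NAMES:
            continue  # wrong directory (e.g. System32) or unrelated file name
        if name == "svchost.exe":
            reason = "svchost.exe outside System32, where the real one lives"
        else:
            reason = "file name listed in the Troj/Tofger-O description"
        hits.append((path, reason))
    return hits


def scan_live():
    """Check the real Windows directory; returns [] when not run on Windows."""
    windir = os.environ.get("WINDIR")
    if not windir or not os.path.isdir(windir):
        return []
    names = os.listdir(windir)
    return find_tofger_artifacts([ntpath.join(windir, n) for n in names], windir)


# Constructed sample listing, not taken from a real machine.
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",  # legitimate location, must not be flagged
    r"C:\WINDOWS\SVCHOST.EXE",           # matches the dropped copy's location
    r"C:\Windows\MSTO32.DLL",
    r"C:\Windows\notepad.exe",
    r"C:\Windows\Temp\sysini.ini",       # listed name, but not directly in <Windows>
]

if __name__ == "__main__":
    for path, reason in find_tofger_artifacts(SAMPLE) + scan_live():
        print(f"{path}: {reason}")
```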
