Follow:

You have been re-routed to the Backdoor:Win32/Tofsee.I write up because Backdoor%3aWin32%2fTofsee.I has been renamed to Backdoor:Win32/Tofsee.I
 

Backdoor:Win32/Tofsee.I


Backdoor:Win32/Tofsee.I is a component of Win32/Tofsee - a multi-component family of backdoor trojans that act as a spam and traffic relay.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Threat behavior

Backdoor:Win32/Tofsee.I is a component of Win32/Tofsee - a multi-component family of backdoor trojans that act as a spam and traffic relay. This component is used to load the main component, detected as Backdoor:Win32/Tofsee.F.
 
Backdoor:Win32/Tofsee.F functions as an HTTP proxy, using its backdoor functionality to receive commands that may order it to generate and send e-mail.
 
For more information, please see the Backdoor:Win32/Tofsee.F description elsewhere in our encylopedia.
 
Analysis by Jireh Sanico

Symptoms

There are no obvious symptoms that indicate the presence of this malware on an affected machine.

Prevention


Alert level: Severe
First detected by definition: 1.51.445.0
Latest detected by definition: 1.193.1096.0 and higher
First detected on: Feb 11, 2009
This entry was first published on: Apr 15, 2009
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Win-Trojan/Agent2.31744 (AhnLab)
  • Trojan.Win32.Agent2.gik (Kaspersky)
  • W32/Smalltroj.LNZX (Norman)
  • TrojanDropper:Win32/Tofsee.gen!A (Microsoft)