Description

Smoke is a backdoor trojan that connects to a Command & Control server in order to provide access to the compromised computer. Smoke is sold as a modular tool, which allows owners to customize their use of this malware.

Symptoms

An .exe file is dropped to C:\Documents and Settings\Administrator\Application Data\

The following registry key may be modified: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\E

Analysis

Smoke can carry out various botnet functions, including keystroke and password grabbing.

Instructions

Manual removal of this malware family is not recommended. Fortinet recommends running a full scan of your system using FortiClient Endpoint Protection to remove this threat.

Telemetry