Smoke
Description
Smoke is a backdoor trojan that connects to a Command & Control server in order to provide access to the compromised computer. Smoke is sold as a modular tool, which allows owners to customize their use of this malware.
Symptoms
.exe file dropped to C:\Documents and Settings\Administrator\Application Data\
The following registry key may be modified: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\E
Analysis
Smoke can carry out various botnet functions, including keystroke and password grabbing.
Instructions
It is not recommended that any attempts to remove this family of malware be performed manually. Fortinet recommends running a full scan of your system using FortiClient Endpoint Protection to remove this threat.