Monday, March 17, 2008

Troj/Dloader-NY

Troj/Dloader-NY is a Trojan for the Windows platform.
Troj/Dloader-NY includes functionality to silently download, install and run new software. The downloaded software is then copied to the location \windowsupdatemanager.exe and executed.
When first run, Troj/Dloader-NY copies itself to any of the following filenames:
\svcman.exe
\svcrun.exe
\localsvc.exe
\websvc.exe
\netsvc.exe
\tcpsvc.exe
\svcadmin.exe
\spoolsvc.exe
The following registry entries are then randomly created to run Troj/Dloader-NY on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service Manager
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service Manager
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Run Services as Application
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Run Services as Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Local Services
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Local Services
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Web Services
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Web Services
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows .Net Manager
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows .Net Manager
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Tcp Application Manager
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Tcp Application Manager
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Services Administrator
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Services Administrator
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Spooler SubSystem Application
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Spooler SubSystem Application
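
A defender-side check built from the indicators listed above (an added example, not part of the original description): it parses text saved from `reg query` on the two Run keys and flags values whose name or target file matches. The sample output, the `C:\Example` folder, the function names and the assumed four-space column layout are constructed for illustration.

```python
import ntpath
import re

# Indicators copied from the description above, lower-cased for comparison.
RUN_VALUE_NAMES = {
    "windows service manager", "run services as application",
    "windows local services", "windows web services", "windows .net manager",
    "tcp application manager", "services administrator",
    "spooler subsystem application",
}
FILE_NAMES = {
    "svcman.exe", "svcrun.exe", "localsvc.exe", "websvc.exe", "netsvc.exe",
    "tcpsvc.exe", "svcadmin.exe", "spoolsvc.exe", "windowsupdatemanager.exe",
}
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Assumed `reg query` layout: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def image_name(data):
    """Return the lower-cased executable name from a Run value's command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', data, re.IGNORECASE)
    path = (m.group(1) or m.group(2)) if m else data.strip().split(" ", 1)[0]
    return ntpath.basename(path).lower()

def scan_reg_query(text):
    """Return (key, value name, data, reasons) for Run values matching an indicator."""
    hits, key = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():
            key = line.strip()  # an unindented line is a registry key header
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        name, _type, data = m.groups()
        reasons = [label for label, hit in (
            ("value-name", name.strip().lower() in RUN_VALUE_NAMES),
            ("file-name", image_name(data) in FILE_NAMES)) if hit]
        if reasons:
            hits.append((key, name, data, reasons))
    return hits

# Constructed sample; C:\Example is a placeholder folder, not from the page.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Service Manager    REG_SZ    C:\Example\svcman.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Print Helper    REG_SZ    C:\Example\spoolsv.exe
    Updater    REG_SZ    "C:\Example\windowsupdatemanager.exe" -s
"""
```

File names are compared exactly, so the legitimate Windows spooler `spoolsv.exe` in the sample is not flagged even though it differs from the listed `spoolsvc.exe` by one letter.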
