Troj/Regldr-A is a simple Trojan that copies itself to the windows folder as the file Reg32.exe and sets the following registry entry so that it will be executed on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Reg32
= C:\Windows\Reg32.exe
Troj/Regldr-A will also set the registry entries listed below to point to the page secure.html located in the default Windows folder. This HTML page claims that the system has been compromised by spyware and prompts the user to visit the URL
http://www.privacyoutpost.com/enter.html?wm=dkvage.
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Local Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKLM\Software\Microdoft\Internet Explorer\Main\Local Page
HKLM\Software\Microsoft\Internet explorer\Main\Start Page