Throd is a Trojan that allows a 'master' to use the zombie machine as a proxy server.
The Trojan copies itself in the Windows system folder under a randomly combined multi-partite name:
ms, svc, win, 16, 32, 64, mes, prn, reg
"ms16prn.exe", for example.
In order to auto-launch, the Trojan creates a key in the system registry:
with one of the following names chosen at random:
MS Driver Management
System Directory Service
System Service Control
Windows Messaging System
Throd then attempts to connect to several remote servers and onpass ID information, including IP address and so forth, to the virus coder.
Throd accepts commands from the remote 'master' collets email addresses from the MS Outlook address book in to the mseml.dll file
and uses an http commands to send them to the same remote sites.
Throd can install and launch random files on command.
Throd also works as a proxy server and is capable of accepting and sending any type of data.
Use antivirus (also check How To Remove section)Startuip Optimizer to remove this worm.