TR/Small.FI is a Trojan that takes over the targeted web browser and disables protection of important system files. TR/Small.FI inserts itself into the files that are typically protected under the Windows File Protection policy. Before affecting such files, TR/Small.FI takes over the process called ‘winlogon.exe’ that results in the nullification of the files protected status and, basically, permits TR/Small.FI to be embedded into corrupted files. TR/Small.FI is copied from PC to PC with corrupted files and is extracted into random folders, usually within the System Files directory, at every subsequent workstation. The resulted entry created when affected files are run is a self-staring redirecting agent, which connects the corrupted machine to websites with .pl domain as specified in its latest update so that the remote hackers try to control the targeted computer via a remote server.
How Can You Detect TR/Small.FI?