Troj_Small.IAU is a Trojan that usually arrives on a system as an attachment to spammed email messages.

Upon execution, it drops a copy of itself as ISXA.EXE in the Windows system folder. It also drops a non-malicious text file named C656.TX in the %System%\Drivers folder. The said text file contains several URLs.

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)


It connects to URLs to download certain files. As a result of this download routine, the behavior of the said files can be observed on the affected system. Trend Micro detects one of the downloaded files as TROJ_SMALL.EJA.

Technical details can be found at this Trend Micro page.