Troj/Hupigon-TA is a backdoor Trojan for the Windows platform.

When first run, Troj/Hupigon-FU copies itself to (Windows)\GHFHGJHNSSJDW.exe.

The file GHFHGJHNSSJDW.exe is registered as a new system driver service named "Application Layer Gateway Serv,” with a display name of "Application" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:


HKLM\SYSTEM\CurrentControlSet\Services\Application Layer Gateway Serv\

More information can be found at this Sophos page.