
Saturday, March 10, 2012

TrojanDownloader:Win32/Agent


Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Jul 14, 2007

Aliases
  • Trojan-Downloader.Win32.Agent.bqw (Kaspersky)
  • Trojan-Downloader.Win32.Agent.bvd (Kaspersky)
  • FakeAlert-K (McAfee)
  • Generic Downloader (McAfee)
  • W32/Agent.BRUP (Norman)
  • W32/DLoader.CWGF (Norman)
  • Troj/Dloadr-BAT (Sophos)
  • Troj/FakeVir-AB (Sophos)
  • Downloader (Symantec)
  • SpySherriff (Symantec)
  • PAK_Generic.001 (Trend Micro)
  • TROJ_AGENT.AAGU (Trend Micro)
  • TROJ_RENOS.NAT (Trend Micro)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.1275.0
Released: Mar 10, 2012
Detection initially created:
Definition: 1.45.287.0
Released: Oct 07, 2008


 

Summary

TrojanDownloader:Win32/Agent is a family of Trojans that download potentially unwanted software from a remote Web site. The downloaded content could include anything from additional downloader Trojans to imitation security programs.


 

Symptoms

Symptoms vary greatly among variants, but in all cases, the Trojan attempts to download files from a remote Web site. In some cases, potentially unwanted software is downloaded and installed. Firewall alerts may trigger, giving an indication that a program is unexpectedly attempting to contact a remote Web site.


 

Technical Information (Analysis)

TrojanDownloader:Win32/Agent is a family of Trojan downloaders. Win32/Agent downloads potentially unwanted software from a remote Web site. The content could include anything from additional downloader Trojans to imitation security programs.
 
For example, when a variant of TrojanDownloader:Win32/Agent is run, it may perform the following actions:
  • Drop a file as <system folder>\wudb.dll
  • Modify the registry to run this copy of the Trojan as a browser helper object:
    Adds value: DllName
    With data: <system folder>\wudb.dll
    To subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wudb
 
The next time Windows is started, TrojanDownloader:Win32/Agent runs in the background, and attempts to download potentially unwanted software.
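
A read-only check for the registry change described above, as an added example that is not part of the original entry: it lists every package registered under the Winlogon\Notify key and marks the wudb subkey and wudb.dll file named here. The function name and output columns are illustrative; Winlogon loads these packages only on Windows versions before Vista.

```powershell
# Added example: audit Winlogon notification packages on the local host.
# Read-only. Run from an administrator PowerShell prompt.
$notifyRoot = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$systemDir  = [Environment]::SystemDirectory   # the entry's <system folder>

function Get-WinlogonNotifyPackage {   # hypothetical helper name
    if (-not (Test-Path -LiteralPath $notifyRoot)) { return }

    foreach ($key in Get-ChildItem -LiteralPath $notifyRoot) {
        $dll = $key.GetValue('DllName')
        if (-not $dll) { continue }    # subkey without a DllName value

        $dll = [Environment]::ExpandEnvironmentVariables([string]$dll)
        # A bare file name is resolved against the system folder.
        if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $systemDir $dll }

        $exists = Test-Path -LiteralPath $dll -PathType Leaf
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'FileMissing'
        }

        # Flag the subkey name or file name given in this entry.
        $match = ($key.PSChildName -ieq 'wudb') -or
                 ((Split-Path -Path $dll -Leaf) -ieq 'wudb.dll')

        New-Object PSObject -Property @{
            Subkey       = $key.PSChildName
            DllName      = $dll
            Exists       = $exists
            Signature    = $sig
            MatchesEntry = $match
        }
    }
}

Get-WinlogonNotifyPackage |
    Sort-Object MatchesEntry -Descending |
    Select-Object MatchesEntry, Subkey, DllName, Exists, Signature |
    Format-Table -AutoSize
```

Rows with MatchesEntry set to True correspond to the variant in this entry; other rows with an unsigned or missing DLL are worth reviewing, since other variants may use different names.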
