TR/Agent.AGNY - Trojan
Virus: TR/Agent.AGNY
Date discovered: 24/01/2008
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: Yes
File size: 205.449 Bytes
MD5 checksum: 0A834d4813f7b44024b2e68d20957aee
IVDF version: 7.00.02.41 - Thu, 24 Jan 2008 12:12 (GMT+1)
General
Method of propagation:
• Mapped network drives
Aliases:
• Mcafee: W32/Autorun.worm.g
• Kaspersky: Trojan-Downloader.Win32.Agent.hzy
• F-Secure: Trojan-Downloader.Win32.Agent.hzy
• Eset: Win32/AutoRun.HL
• Bitdefender: Trojan.Agent.AGNY
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Drops files
• Lowers security settings
Files
It copies itself to the following locations:
• c:\windows\system\lsass.exe
• C:\RECYCLER\Recycler\AutoLaunch.exe
• %TEMPDIR%\services.exe
It creates the following directory:
• %TEMPDIR%\WinSecurityUpd
The following files are created:
– drive:\autorun.inf This is a non-malicious text file with the following content:
• %code that runs malware%
– %TEMPDIR%\WinSecurityUpd\ms_auto This is a non-malicious text file with the following content:
• %code that runs malware%
– %TEMPDIR%\WinSecurityUpd\ms_drvlst This is a non-malicious text file with the following content:
• ABCDEFGHIJKLMNOPQRSTUVWXYZ
– %TEMPDIR%\WinSecurityUpd\udpate~1.tmp This is a non-malicious text file with the following content:
• file
– %TEMPDIR%\csrss.bat This is a non-malicious text file with the following content:
• %TEMPDIR%\csrss.bat
– %TEMPDIR%\ltmpp.bat Furthermore, it gets executed after it was fully created. This batch file is used to delete a file.
– %TEMPDIR%\lsassexe.bat Furthermore, it gets executed after it was fully created. This batch file is used to delete a file.
It tries to execute the following files:
– Filename:
• %SYSDIR%\netsh.exe
using the following command line arguments: firewall set opmode disable
– Filename:
• %SYSDIR%\cmd.exe
using the following command line arguments: /c if exist %TEMPDIR%\csrss.bat call %TEMPDIR%\csrss.bat
– Filename:
• %SYSDIR%\ping.exe
using the following command line arguments: google.com > %TEMPDIR%\ping2.log
File details
Runtime packer:
To make detection harder and reduce the size of the file, it is packed with the following runtime packer:
• UPX
Description inserted by Andrei Gherman on Thu, 19 Jun 2008 09:49 (GMT+1)
Description updated by Andrei Gherman on Thu, 19 Jun 2008 10:10 (GMT+1)
© 2008 Avira GmbH