
Trojan.Agent.ABB

LOW
LOW
varies

Symptoms

The presence of:

  • a file named tmpX.tmp in the %TEMP% directory, where X is a random digit
  • the registry key HKEY_CURRENT_USER\Software\Classes\XML2
  • the mutex "QGAVSUIORBQKOVG"

If Microsoft Internet Explorer is running when the trojan is opened, the browser window disappears.
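The three indicators above can be checked against collected host data. The following is an added example, not BitDefender's code; the snapshot layout (`temp_files`, `registry_keys`, `mutexes`), the function names, the grading labels and the sample hosts are assumptions constructed for illustration.

```python
import re

# Indicators copied from the Symptoms list.
TEMP_FILE_RE = re.compile(r"tmp[0-9]\.tmp", re.IGNORECASE)  # tmpX.tmp, X = one digit
REG_KEY = r"HKEY_CURRENT_USER\Software\Classes\XML2"
MUTEX = "QGAVSUIORBQKOVG"  # Win32 object names compare case-sensitively


def normalize_key(path):
    """Expand the HKCU alias, drop empty path parts, fold case."""
    parts = [p for p in path.strip().split("\\") if p]
    if parts and parts[0].upper() == "HKCU":
        parts[0] = "HKEY_CURRENT_USER"
    return "\\".join(parts).upper()


def match_indicators(snapshot):
    """Return the names of the indicators present in a host snapshot (a dict)."""
    hits = set()
    # fullmatch: tmp12.tmp or tmpA3F1.tmp must not count as tmpX.tmp
    if any(TEMP_FILE_RE.fullmatch(n) for n in snapshot.get("temp_files", [])):
        hits.add("temp_file")
    wanted = normalize_key(REG_KEY)
    for key in map(normalize_key, snapshot.get("registry_keys", [])):
        if key == wanted or key.startswith(wanted + "\\"):
            hits.add("registry_key")
    # Compare only the final component, so namespace prefixes are ignored.
    if any(m.rsplit("\\", 1)[-1] == MUTEX for m in snapshot.get("mutexes", [])):
        hits.add("mutex")
    return hits


def verdict(snapshot):
    """Grade a host; a temp-file name alone is too generic to alert on."""
    hits = match_indicators(snapshot)
    if "mutex" in hits or "registry_key" in hits:
        return "likely" if len(hits) >= 2 else "suspect"
    return "weak" if hits else "clean"


# Constructed sample snapshots (not real telemetry).
INFECTED = {"temp_files": ["tmp4.tmp", "tmpA3F1.tmp"],
            "registry_keys": ["hkcu\\software\\classes\\xml2"],
            "mutexes": ["\\Sessions\\1\\BaseNamedObjects\\QGAVSUIORBQKOVG"]}
BENIGN = {"temp_files": ["tmpA3F1.tmp", "tmp12.tmp"],
          "registry_keys": ["HKCU\\Software\\Classes\\XML"],
          "mutexes": ["Local\\SomeAppMutex"]}
TEMP_ONLY = {"temp_files": ["TMP7.TMP"], "registry_keys": [], "mutexes": []}

if __name__ == "__main__":
    for name, host in [("infected", INFECTED), ("benign", BENIGN), ("temp-only", TEMP_ONLY)]:
        print(name, sorted(match_indicators(host)), verdict(host))
```

Because the description states that the trojan does not survive a restart, the mutex is only observable on a host that has not rebooted since execution.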

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Mihai Calota, virus researcher

Technical Description:

Trojan.Agent.ABB connects to a free website hosted in Ukraine via port 80 and waits for further commands.

When the file is executed, it drops a downloader DLL component in the %TEMP% folder and hijacks an instance of Microsoft Internet Explorer in order to bypass the firewall.

The trojan aims to install other malware and does not survive a Windows restart.