Trojan.Downloader.Agent.awf
LOW
LOW
40KB
(Backdoor:Win32/Zonebac.B(OneCare); Trojan-Downloader.Win32.Agent.awf(KAV))
Symptoms
Presence of "abc123.pid" file in %TEMP% folder
Unexpected Internet activity
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Ovidiu Visoiu, virus researcher
Technical Description:
The trojan launches "iexplore.exe" with a parameter consisting of the following URLs:
http://209.167.111.110/[removed]/200948704/477/0/31/0[removed]12260025[variable].html
http://222.133.3.210/[removed]/200948704/477/0/31/0[removed]12260025[variable].html
It tries to stop known security-related processes:
isafe.exe, ca.exe, caissdt.exe, cavrid.exe, cavtray.exe, avp.exe, apvxdwin.exe, avciman.exe, avengine.exe, pavfnsvr.exe, pavprsrv.exe, pavsrv51.exe, pnmsrv.exe, psimsvc.exe, pskmssvc.exe, srvload.exe, tpsrv.exe, webproxy.exe, vir.exe, sdhelp.exe, swdoctor.exe, mxtask.exe, wmiprvse.exe, hsockpe.exe, dpasnt.exe, kav.exe, kavpf.exe, tsantispy.exe, fsm32.exe, fspex.exe, fsaw.exe, fsguidll.exe, msascui.exe.
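The symptoms and behaviour above can be turned into a host triage check. The following is an added example, not BitDefender's code: it correlates the "abc123.pid" marker file, "iexplore.exe" launches carrying one of the listed URL hosts, and termination of the listed security processes. The event field names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Indicators copied from the description above.
URL_HOSTS = {"209.167.111.110", "222.133.3.210"}
MARKER_FILE = "abc123.pid"
TARGETED = set("""isafe.exe ca.exe caissdt.exe cavrid.exe cavtray.exe avp.exe
apvxdwin.exe avciman.exe avengine.exe pavfnsvr.exe pavprsrv.exe pavsrv51.exe
pnmsrv.exe psimsvc.exe pskmssvc.exe srvload.exe tpsrv.exe webproxy.exe vir.exe
sdhelp.exe swdoctor.exe mxtask.exe wmiprvse.exe hsockpe.exe dpasnt.exe kav.exe
kavpf.exe tsantispy.exe fsm32.exe fspex.exe fsaw.exe fsguidll.exe
msascui.exe""".split())
# wmiprvse.exe (WMI Provider Host) exits routinely on a healthy system,
# so its termination alone is not counted as a finding.
NOISY = {"wmiprvse.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def triage(events):
    """Return sorted (indicator, detail) findings for one host's events.
    Event dict fields (hypothetical names): type, image, cmdline, path."""
    findings = set()
    for ev in events:
        image = ntpath.basename(ev.get("image", "")).lower()
        if ev["type"] == "proc_start" and image == "iexplore.exe":
            for url in URL_RE.findall(ev.get("cmdline", "")):
                host = urlsplit(url).hostname
                if host in URL_HOSTS:
                    findings.add(("iexplore_url", host))
        elif ev["type"] == "proc_stop" and image in TARGETED - NOISY:
            findings.add(("security_process_stopped", image))
        elif ev["type"] == "file_create":
            path = ev.get("path", "").lower()
            if ntpath.basename(path) == MARKER_FILE and "\\temp\\" in path:
                findings.add(("marker_file", path))
    return sorted(findings)

def is_likely_infected(events):
    """Require two different indicator types to limit false positives."""
    return len({kind for kind, _ in triage(events)}) >= 2

# Constructed sample events, not real telemetry.
SAMPLE = [
    {"type": "file_create", "path": r"C:\Users\bob\AppData\Local\Temp\abc123.pid"},
    {"type": "proc_stop", "image": r"C:\Program Files\AV\avp.exe"},
    {"type": "proc_stop", "image": r"C:\Windows\System32\wbem\wmiprvse.exe"},
    {"type": "proc_start", "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": 'iexplore.exe "http://209.167.111.110/sample/1.html"'},
]
```

Requiring two distinct indicator types keeps a single stopped security process, which also happens during normal updates, from flagging a host on its own.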