English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Trojan.Win32.Agent.bi

Detected Jan 13 2006 08:47 GMT
Released Nov 20 2006 10:27 GMT
Published Jan 13 2006 08:47 GMT

Technical Details

This Trojan program is a Windows PE EXE file approximately 12KB in size.

Once launched, the Trojan registers itself in the system registry, ensuring that the Trojan will be launched each time Windows is rebooted on the victim machine:

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"<original file name>" = "<path to Trojan program>"

The Trojan can have a variety of names, and function both as a standard application and as a service (in systems running Windows NT/2K/XP)

The Trojan tracks which web sites are visited using the victim machine.

It may also download other programs from the Internet, save them to the victim machine and launch them for execution.


Bookmark and Share
Share
Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Other versions

Aliases

Trojan.Win32.Agent.bi (Kaspersky Lab) is also known as:

  • Trojan-Downloader.Win32.Small.Agent.bq (Kaspersky Lab)
  • Trojan: Spy-Agent.d (McAfee)
  • Troj/Iefeat-AK (Sophos)
  • Trojan.Agent-148 (ClamAV)
  • Adware/SearchAid (Panda)
  • W32/TrojanX.LRH (FPROT)
  • TrojanDownloader:Win32/WinShow (MS(OneCare))
  • BackDoor.Netag (DrWeb)
  • Trojan.Agent.bi (BitDef7)
  • Trojan.Crypt.Gen.5 (VirusBuster)
  • Win32:Rootkit-gen [Rtk] (AVAST)
  • Trojan.Win32.Agent (Ikarus)
  • Generic.LPE (AVG)
  • Adware.Iefeats (NAV)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • TROJ_AGENT.YZL (TrendMicro)
  • Trojan.Crypt.Gen.5 (VirusBusterBeta)