English

Log in

Search

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Watch us on

Home→Descriptions→Trojan.Win32.Agent.cp

Trojan.Win32.Agent.cp

Detected	Apr 15 2005 12:41 GMT
Released	Apr 15 2005 12:41 GMT
Published	Jun 06 2005 09:59 GMT

Technical Details

This primitive Trojan is written in Visual C++. This is a Windows PE EXE file, packed using UPX. The packed file is approximately 76KB in size and the unpacked file is approximately 163KB in size.

When launched, the Trojan copies itself to the Windows system directory with a random name. For example:

%System%\jgsjyb.exe

and registers this file in the Windows system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"" = "%System%\jgsjyb.exe"

This ensures that the Trojan will be run each time Windows is rebooted.

Then it deletes the original file.

The Trojan harvests information about visited sites and can send it to the Trojan's author by HTTP.

It also downloads and installs an adware program, not-a-virus:AdWare.BetterInternet, to the victim machine.

Print

Share

Malicious programs

Trojans

Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.

Other versions

Trojan.Win32.Agent.aan

Trojan.Win32.Agent.abt

Trojan.Win32.Agent.afs

Trojan.Win32.Agent.ay

Trojan.Win32.Agent.azsy

Trojan.Win32.Agent.bi

Trojan.Win32.Agent.bve

Trojan.Win32.Agent.cyzi

Trojan.Win32.Agent.daec

Trojan.Win32.Agent.dbyy

Trojan.Win32.Agent.dcc

Trojan.Win32.Agent.dfab

Trojan.Win32.Agent.drnb

Trojan.Win32.Agent.eory

Trojan.Win32.Agent.ezqg

Trojan.Win32.Agent.ezqk

Trojan.Win32.Agent.ezqu

Trojan.Win32.Agent.fadd

Trojan.Win32.Agent.fajk

Trojan.Win32.Agent.fkeh

Trojan.Win32.Agent.fw

Trojan.Win32.Agent.nbcc

Trojan.Win32.Agent.vk

Aliases

Trojan.Win32.Agent.cp (Kaspersky Lab) is also known as:

Trojan: BackDoor-CQQ (McAfee)
Troj/Dloader-ML (Sophos)
Adware/Transponder (Panda)
W32/Busky.B.gen!Eldorado (FPROT)
Trojan:Win32/Agent.CP (MS(OneCare))
Adware.CallingHome (DrWeb)
Win32/Agent.CP trojan (Nod32)
Trojan.Agent.CP (BitDef7)
Trojan.Agent.pu (VirusBuster)
Trojan.Win32.Agent (Ikarus)
Generic.VAC (AVG)
TR/Hijacker.Gen (AVIRA)
Trojan Horse (NAV)
W32/Agent.TSWK (Norman)
Trojan.DL.Agent.aas (Rising)
Trojan.Win32.Agent.cp [AVP] (FSecure)
TROJ_AGENT.AWZO (TrendMicro)
Trojan.Win32.Agent (Sunbelt)
Trojan.Agent.pu (VirusBusterBeta)

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

securelist.com