Trojan-Downloader.Win32.Agent.pj
| Detected | Jun 10 2005 20:11 GMT |
| Released | Jun 10 2005 20:11 GMT |
| Published | Sep 06 2005 11:58 GMT |
This Trojan program downloads files from the Internet without the user's knowledge or consent. The Trojan itself is a Windows PE EXE file approximately 8KB in size. It is not packed in any way.
Once launched, the Trojan copies itself to the Windows temporary directory as "IEXPLORE.exe":
%TEMP%/IEXPLORE.exe
This program is capable of downloading other Trojans via the Internet and launching them on the victim machine.
It downloads a file named "calc.exe" from http://222.***.48.190 and launches it for execution. This file is detected by Kaspersky Anti-Virus as Trojan-Spy.Win32.Asher.c.
Agent.pj terminates processes whose names contain the following text strings:
_AVP32.EXE _AVPCC.EXE _AVPM.EXE ACKWIN32.EXE ALG.EXE ANTI-TROJAN.EXE APVXDWIN.EXE ARMOR2NET.EXE AUTODOWN.EXE AVCONSOL.EXE AVE32.EXE AVGCTRL.EXE AVKSERV.EXE AVNT.EXE AVP.EXE AVP32.EXE AVPCC.EXE AVPDOS32.EXE AVPM.EXE AVPTC32.EXE AVPUPD.EXE AVSCHED32.EXE AVWIN95.EXE AVWUPD32.EXE BLACKD.EXE BLACKICE.EXE CFIADMIN.EXE CFIAUDIT.EXE CFINET.EXE CFINET32.EXE CLAW95.EXE CLAW95CF.EXE CLEANER.EXE CLEANER3.EXE DVP95.EXE DVP95_0.EXE ECENGINE.EXE ESAFE.EXE ESPWATCH.EXE F-AGNT95.EXE FINDVIRU.EXE FPROT.EXE F-PROT.EXE F-PROT95.EXE FP-WIN.EXE FRW.EXE F-STOPW.EXE IAMAPP.EXE IAMSERV.EXE IBMASN.EXE IBMAVSP.EXE ICLOAD95.EXE ICLOADNT.EXE ICMON.EXE ICSUPP95.EXE ICSUPPNT.EXE IFACE.EXE IOMON98.EXE JEDI.EXE LOCKDOWN2000.EXE LOOKOUT.EXE LUALL.EXE MCAGENT.EXE MCSHIELD.EXE MCVSSHLD.EXE MOOLIVE.EXE MPFAGENT.EXE MPFSERVICE.EXE MPFTRAY.EXE MSVSESCN.EXE N32SCANW.EXE NAVAPW32.EXE NAVLU32.EXE NAVNT.EXE NAVW32.EXE NAVWNT.EXE NISUM.EXE NMAIN.EXE NORMIST.EXE NPROTECT.EXE NUPGRADE.EXE NVC95.EXE NVSVC32.EXE PADMIN.EXE PAVCL.EXE PAVSCHED.EXE PAVW.EXE PCCWIN98.EXE RAV7.EXE RAV7WIN.EXE RESCUE.EXE SAFEWEB.EXE SAVSCAN.EXE SCAN32.EXE SCAN95.EXE SCANPM.EXE SCRSCAN.EXE SERV95.EXE SMC.EXE SPHINX.EXE SWEEP95.EXE TBSCAN.EXE TCA.EXE TDS2-98.EXE TDS2-NT.EXE VET95.EXE VETTRAY.EXE WEBSCANX.EXE WFINDV32.EXE ZONEALARM.EXE
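The self-copy to the temporary directory as "IEXPLORE.exe" and the downloaded "calc.exe" both borrow the names of legitimate Windows binaries, which can be checked for in process-creation telemetry. The following is an added example, not part of the original description: it generalizes to any listed binary name running outside its usual directory. The record format, host names, and the location of "calc.exe" in the sample are constructed assumptions (the description does not say where that file is written).

```python
import ntpath

# Directories where these binaries normally live (assumption: default Windows
# install paths; adjust for your environment).
EXPECTED_DIRS = {
    "iexplore.exe": (r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"),
    "calc.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
}


def classify(image_path):
    """Return None for an expected location, else a short finding label."""
    norm = ntpath.normpath(image_path.replace("/", "\\")).lower()
    directory, name = ntpath.split(norm)
    expected = EXPECTED_DIRS.get(name)
    if expected is None or directory in expected:
        return None
    # A temp directory anywhere in the path matches the behaviour described above.
    in_temp = any(part in ("temp", "tmp") for part in directory.split("\\"))
    return "masquerade-in-temp" if in_temp else "unexpected-directory"


def scan(events):
    """Return (host, pid, image, label) for every suspicious process record."""
    return [(e["host"], e["pid"], e["image"], label)
            for e in events
            if (label := classify(e["image"])) is not None]


# Constructed process-creation records (not from a real incident).
SAMPLE_EVENTS = [
    {"host": "ws01", "pid": 1204, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"host": "ws02", "pid": 3316, "image": r"C:\DOCUME~1\alice\LOCALS~1\Temp\IEXPLORE.exe"},
    {"host": "ws02", "pid": 3380, "image": r"C:\DOCUME~1\alice\LOCALS~1\Temp\calc.exe"},
    {"host": "ws03", "pid": 812, "image": r"C:\Windows\System32\calc.exe"},
    {"host": "ws04", "pid": 990, "image": "C:/Users/bob/Downloads/iexplore.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Matching on the full image path rather than the process name alone is what separates the copy in the temporary directory from the real browser.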
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.
Information about the names and locations of the programs to be downloaded is either contained in the Trojan code or downloaded by the Trojan from an Internet resource (usually a web page).
This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.