Internet threat level: 1
Home→Descriptions→Trojan-Dropper.Win32.Agent.aaj
Trojan-Dropper.Win32.Agent.aaj
| Detected | Nov 05 2005 12:46 GMT |
| Released | Nov 05 2005 12:46 GMT |
| Published | Mar 15 2006 15:46 GMT |
Removal instructions
Technical Details
This Trojan is designed to download and install other Trojan programs without the user's knowledge or consent. The main Trojan file is a Windows PE EXE file 31480 bytes in size, packed using UPack. The unpacked file is 356KB in size.
Once launched, the Trojan copies itself to the Windows root directory as dupadupam1.exe:
%Windir%\dupadupam1.exe
It then registers this file in the Windows system registry, ensuring that the Trojan will be launched each time Windows is rebooted on the victim machine:
"WindowsUpdatem1"="<path to original file>"
When the Trojan is launched, a file called waudio.exe will also be installed to the Windows root directory without the user's knowledge:
%Windir%\waudio.exe
This file will be detected by Kaspersky Anti-Virus as Trojan.Win32.Agent.lj.
This file will also be registered in the system registry and launched for execution.
Removal instructions
To manually remove the Trojan:
- Delete the following files:
%Windir%\dupadupam1.exe %Windir%\waudio.exe
- Delete the following keys from the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsUpdatem1"="<path to original file>" - Perform a full scan of your computer (download a trial version of Kaspersky Anti-Virus here).
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to:
- secretly install Trojan programs and/or viruses
- protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.
Trojan-Dropper.
- Trojan:
Generic Dropper!dig (McAfee) - Troj/Agent-AAJ (Sophos)
- Trj/WinName.
B (Panda) - W32/Heuristic-CSU!Eldorado (FPROT)
- Trojan:
Win32/Sisron (MS(OneCare)) - Trojan.
PWS. Chunked (DrWeb) - unknown NewHeur_PE virus (Nod32)
- Dropped:
Trojan. Agent. LJ (BitDef7) - Trojan.
DR. Agent!Zal9/fLQino (VirusBuster) - Trojan.
Win32. Agent (Ikarus) - Generic.
DHF. dropper (AVG) - TR/PSW.
Agent. AAJ. 1 (AVIRA) - BACKDOOR.
Trojan (NAV) - W32/Agent.
KWI. dropper (Norman) - Packer.
Win32. Upack. a (Rising) - TROJ_DUPA.
A (TrendMicro) - Trojan.
DR. Agent!Zal9/fLQino (VirusBusterBeta)
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.