
Exploit.Java.Agent.bz

Detected Jul 27 2010 12:27 GMT
Released Jul 28 2010 11:20 GMT
Published Apr 04 2011 13:54 GMT


Technical Details

This Trojan downloads files from the Internet and launches them without the user's knowledge. It is a Java class file. It is 1564 bytes in size.


Payload

The malicious functionality is implemented in the "Main" class file. This class downloads a file from the Internet via a special link and launches it for execution. The download link is passed as a parameter to the "main" function of the malicious class. The downloaded file is saved in the current user's temporary files directory as

%Temp%\<rnd>.exe
where <rnd> is a random fractional decimal number from 0 to 1.


Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
  2. Delete the following file:
    %Temp%\<rnd>.exe
  3. Empty the Temporary Internet Files directory, which may contain infected files (see How to delete infected files from Temporary Internet Files folder?).
  4. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).


MD5: 78C5108D2B147B20CDFB3E9F5055B2CC
SHA1: 9CBA095CF121122106B87EABAC9A90C221D58C34
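
The following Python triage script is an added example, not part of the original description and not Kaspersky Lab's code. It flags files in the temporary directory whose names have the `<rnd>.exe` shape and looks for a file matching the size and hashes listed here. The function names, the regular expression for `<rnd>` (a Java-style printed double is assumed) and the reading of the hashes as those of the Trojan's class file are assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hashes and size as listed on this page; assumed to describe the Trojan's class file.
TROJAN_MD5 = "78c5108d2b147b20cdfb3e9f5055b2cc"
TROJAN_SHA1 = "9cba095cf121122106b87eabac9a90c221d58c34"
TROJAN_SIZE = 1564

# Assumption: <rnd> is a Java double in [0, 1) printed as text, e.g. "0.7312"
# or, for very small values, "3.2E-4". The page only says "fractional decimal".
RND_EXE = re.compile(r"^(0\.\d+|\d\.\d+E-\d+)\.exe$", re.IGNORECASE)

def is_dropped_name(name):
    """True if a file name has the %Temp%\\<rnd>.exe shape."""
    return bool(RND_EXE.match(name))

def is_trojan_class(path):
    """True if the file matches the listed size, MD5 and SHA1."""
    path = Path(path)
    if path.stat().st_size != TROJAN_SIZE:  # cheap pre-filter before hashing
        return False
    data = path.read_bytes()
    return (hashlib.md5(data).hexdigest() == TROJAN_MD5
            and hashlib.sha1(data).hexdigest() == TROJAN_SHA1)

def triage(temp_dir, search_root=None):
    """Return candidate dropped executables and exact matches for the Trojan file."""
    found = {"dropped": [], "trojan": []}
    # The payload is saved directly in %Temp%, so this scan is not recursive.
    for p in Path(temp_dir).iterdir():
        if p.is_file() and is_dropped_name(p.name):
            found["dropped"].append(p)
    # The Trojan's location varies and cached copies may be renamed,
    # so match on content rather than on a ".class" extension.
    for p in (Path(search_root).rglob("*") if search_root else []):
        try:
            if p.is_file() and is_trojan_class(p):
                found["trojan"].append(p)
        except OSError:
            continue  # unreadable or vanished file
    return found

if __name__ == "__main__":
    for kind, paths in triage(tempfile.gettempdir(), Path.home()).items():
        for p in paths:
            print(kind, p)
```

A name match only marks a file for review, since the downloaded payload is not described by the hashes above.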


Exploit

Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.

Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.

Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.


Aliases

Exploit.Java.Agent.bz (Kaspersky Lab) is also known as:

  • Troj/Java-M (Sophos)
  • TrojanDownloader:Java/OpenConnection.GC (MS(OneCare))
  • Java.SMSSend.224 (DrWeb)
  • Java/TrojanDownloader.OpenStream.NAN trojan (Nod32)
  • Other:Malware-gen (AVAST)
  • Exploit.Java.Agent (Ikarus)
  • Exploit_c.GOP (AVG)
  • a.class <<< JAVA/Jifake.1222 (AVIRA)
  • Trojan.Gen (NAV)
  • Suspicious_Gen2.DYJMN (Norman)
  • Trojan-SMS.J2ME.Jifake.q [AVP] (FSecure)
  • Exploit.Java.Agent.bz [AVP] (FSecure)