Internet threat level: 1
Home→Descriptions→Trojan-Downloader.Win32.Agent.elej
Trojan-Downloader.Win32.Agent.elej
| Detected | Aug 30 2010 15:14 GMT |
| Released | Aug 31 2010 04:12 GMT |
| Published | Mar 22 2011 10:12 GMT |
Payload
Removal instructions
Technical Details
This Trojan downloads files from the Internet and launches them without the user's knowledge. It is a Windows application (PE EXE file). It is 27 648 bytes in size. It is packed using PE_Patch or UPX. The unpacked file is approximately 99 KB in size. It is written in C++.
Payload
Once launched, the Trojan establishes a connection with this server:
85.***.131Thereafter, the malicious user can use the infected computer for sending spam. The Trojan obtains all of the information necessary for this from the malicious user's server. It can also download other malicious programs from this server. The downloaded files are saved in the current user's temporary files directory "%Temp%" using random names. Once downloaded, the files are launched for execution.
Removal instructions
If your computer does not have an antivirus, and is infected by this malicious program, follow the instructions below to delete it:
- Use Task Manager to terminate the Trojan process.
- Delete the files downloaded by the Trojan in the "%Temp%" directory.
- Empty the Temporary Internet Files directory, which may contain infected files (see How to delete infected files from Temporary Internet Files folder?).
- Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.
Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page).
This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.
Trojan-Downloader.
- Trj/Downloader.
MDW (Panda) - VirTool:
Win32/Obfuscator. KH (MS(OneCare)) - Trojan.
DownLoad2. 21262 (DrWeb) - Trojan.
Generic. 4885658 (BitDef7) - Win32:
Agent-ALXU [Trj] (AVAST) - Backdoor.
Win32. Protector (Ikarus) - Downloader.
Agent2. ACYA (AVG) - TR/Crypt.
XPACK. Gen (AVIRA) - NseCheckFile2() returned 0x00010018 (Norman)
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.