English

Log in

Search

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Read us on

Home→Descriptions→Trojan-Dropper.Win32.Agent.ate

Trojan-Dropper.Win32.Agent.ate

Detected	Aug 02 2006 15:46 GMT
Released	Aug 02 2006 15:46 GMT
Published	Oct 03 2006 11:42 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan is designed to install other Trojan programs to the victim machine without the knowledge or consent of the user. The program itself is a Windows PE EXE file 717 488 byes in size. The file is 717,488 bytes in size.

Payload

Once launched, the Trojan extracts two Windows PE EXE files from itself. These files are saved to the Windows temporary directory as "Pinch.exe" (21 398 bytes in size, will be detected by Kaspersky Anti-Virus as Trojan-PSW.Win32.LdPinch.ato) and "icq_f.exe" (626 176 bytes in size, will be detected by Kaspersky Anti-Virus as IM-Flooder.Win32.Delf.g). Both files are then launched for execution.

Pinch.exe intercepts passwords to a range of Internet programs.

icq_f.exe floods instant messaging networks.

Every 10 seconds, the program will cause an image contained adult content to be displayed.

The Trojan is designed to give the user the impression that s/he is using a flooder program. However, at the same time a password stealing Trojan will be installed on the system.

Removal instructions

Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine)..
Delete the files created by the Trojan:
```
%temp%\icq_f.exe
%temp%\Pinch.exe
```
Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

Print

Share

Malicious programs

Trojans

Trojan-Dropper

Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.

This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).

Such programs are used by hackers to:

secretly install Trojan programs and/or viruses
protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.

Other versions

Trojan-Dropper.Win32.Agent.aaj

Trojan-Dropper.Win32.Agent.adi

Trojan-Dropper.Win32.Agent.aga

Trojan-Dropper.Win32.Agent.aiad

Trojan-Dropper.Win32.Agent.akap

Trojan-Dropper.Win32.Agent.albv

Trojan-Dropper.Win32.Agent.bc

Trojan-Dropper.Win32.Agent.bgn

Trojan-Dropper.Win32.Agent.bot

Trojan-Dropper.Win32.Agent.ceqq

Trojan-Dropper.Win32.Agent.crbk

Trojan-Dropper.Win32.Agent.csxg

Trojan-Dropper.Win32.Agent.cwsh

Trojan-Dropper.Win32.Agent.cwsw

Trojan-Dropper.Win32.Agent.cxdv

Trojan-Dropper.Win32.Agent.dcbd

Trojan-Dropper.Win32.Agent.delm

Trojan-Dropper.Win32.Agent.dfqk

Trojan-Dropper.Win32.Agent.dvyh

Trojan-Dropper.Win32.Agent.ezqm

Trojan-Dropper.Win32.Agent.sd

Trojan-Dropper.Win32.Agent.vw

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

securelist.com