English

Log in

Search

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Watch us on

Home→Descriptions→Trojan.Win32.Agent.afs

Trojan.Win32.Agent.afs

Detected	Feb 21 2007 09:07 GMT
Released	Jun 13 2007 13:31 GMT
Published	Feb 21 2007 09:07 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan is designed to disable a range of Windows security components. It is a Windows PE EXE file. It is 4,608 bytes in size. It is packed using UPX. The unpacked file is approximately 17KB in size.

Payload

Once launched, the Trojan modifies values in the following system registry key parameters to:

[HKLM\Software\Microsoft\Security Center]
FirewallOverride=1

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StardardProfile]
DisableNotifications=1

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StardardProfile]
DoNotAllowExceptions=0

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StardardProfile]
EnableFirewall=0

[HKLM\Software\Microsoft\Security Center]
FirewallDisableNotify=1

The Trojan then ceases running and deletes its executable file.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Use Task Manager to terminate the Trojan process.
Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Configure the operating system’s security with recommended settings.
Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

Print

Share

Malicious programs

Trojans

Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.

Other versions

Trojan.Win32.Agent.aan

Trojan.Win32.Agent.abt

Trojan.Win32.Agent.ay

Trojan.Win32.Agent.azsy

Trojan.Win32.Agent.bi

Trojan.Win32.Agent.bve

Trojan.Win32.Agent.cp

Trojan.Win32.Agent.cyzi

Trojan.Win32.Agent.daec

Trojan.Win32.Agent.dbyy

Trojan.Win32.Agent.dcc

Trojan.Win32.Agent.dfab

Trojan.Win32.Agent.drnb

Trojan.Win32.Agent.eory

Trojan.Win32.Agent.ezqg

Trojan.Win32.Agent.ezqk

Trojan.Win32.Agent.ezqu

Trojan.Win32.Agent.fadd

Trojan.Win32.Agent.fajk

Trojan.Win32.Agent.fkeh

Trojan.Win32.Agent.fw

Trojan.Win32.Agent.nbcc

Trojan.Win32.Agent.vk

Aliases

Trojan.Win32.Agent.afs (Kaspersky Lab) is also known as:

Trojan: Generic.dx (McAfee)
Mal/Generic-L (Sophos)
W32/TrojanX.CMYJ (FPROT)
Trojan:Win32/Bumat!rts (MS(OneCare))
a variant of Win32/Agent.MXAKXPN trojan (Nod32)
Trojan.Generic.499029 (BitDef7)
Packed/FSG (VirusBuster)
Win32:Agent-FPE [Trj] (AVAST)
Trojan-Dropper.Agent (Ikarus)
Generic3.AOK (AVG)
TR/Crypt.XPACK.Gen (AVIRA)
Backdoor.Mydopam (NAV)
Suspicious_F.gen (Norman)
Trojan.Win32.Agent.afs (Rising)
Trojan.Win32.Agent.afs [AVP] (FSecure)
Packed/FSG (VirusBusterBeta)

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

securelist.com