English

Log in

Search

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Read us on

Home→Descriptions→Trojan.Win32.Agent.fkeh

Trojan.Win32.Agent.fkeh

Detected	May 12 2010 20:02 GMT
Released	May 13 2010 02:39 GMT
Published	Sep 19 2011 12:33 GMT

Technical Details
Payload
Removal instructions

Technical Details

A trojan program that carries out destructive actions on the user's computer. It is a Windows application (PE-EXE file). 7710 bytes. Written in C++.

Payload

After launching, the trojan retrieves the file saved in the current user's temporary file directory "%Temp%" as

%Temp%\install_temp.bat from its body (25 bytes)

The extracted file is a shell script and contains the following commands:

@echo off
time 0:00 >nul

The trojan then launches the following script:

cmd.exe /c "%Temp%\install_temp.bat"

The system time is changed to "0:00". The trojan then shuts down.

Removal instructions

If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:

Delete the original trojan file (its location on the infected computer will depend on how the program got onto the computer).
Delete the following file:
```
%Temp%\install_temp.bat
```
Install the current system time.
Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).

MD5: FE92DF16A7949A5C2DE6A2EA313250F6
SHA1: 60D3A0FB79A59BF9DF7C7C89C692C06264992882

Print

Share

Malicious programs

Trojans

Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.

Other versions

Trojan.Win32.Agent.aan

Trojan.Win32.Agent.abt

Trojan.Win32.Agent.afs

Trojan.Win32.Agent.ay

Trojan.Win32.Agent.azsy

Trojan.Win32.Agent.bi

Trojan.Win32.Agent.bve

Trojan.Win32.Agent.cp

Trojan.Win32.Agent.cyzi

Trojan.Win32.Agent.daec

Trojan.Win32.Agent.dbyy

Trojan.Win32.Agent.dcc

Trojan.Win32.Agent.dfab

Trojan.Win32.Agent.drnb

Trojan.Win32.Agent.eory

Trojan.Win32.Agent.ezqg

Trojan.Win32.Agent.ezqk

Trojan.Win32.Agent.ezqu

Trojan.Win32.Agent.fadd

Trojan.Win32.Agent.fajk

Trojan.Win32.Agent.fw

Trojan.Win32.Agent.nbcc

Trojan.Win32.Agent.vk

Aliases

Trojan.Win32.Agent.fkeh (Kaspersky Lab) is also known as:

Trojan-Ransom.Win32.XBlocker.aby (Kaspersky Lab)
Trojan: Generic.dx!uri (McAfee)
Trojan:Win32/Bumat!rts (MS(OneCare))
Trojan.Starter.1358 (DrWeb)
Win32/Small.NHZ trojan (Nod32)
Trojan.Generic.3789335 (BitDef7)
Win32:Trojan-gen (AVAST)
Injector.EZ (AVG)
Trojan.Agent!B6XphHN51ng (VirusBusterBeta)

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

securelist.com