English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan.Win32.Agent2.dmdi

Trojan.Win32.Agent2.dmdi

Detected May 04 2011 16:03 GMT
Released May 04 2011 20:31 GMT
Published Sep 19 2011 13:20 GMT

Technical Details
Payload
Removal instructions

Technical Details

The malicious library is a component of a trojan program designed to steal the user's authentication data. It is a Windows dynamic-link library (PE-DLL file). 8192 bytes. Written in C++.


Payload

After launching, the malicious library checks the name of the process in the address space loaded. By loading the "duospeak.exe" process in the address space, the malicious library allows for the data entered by the user in the class "YYMainWnd" window to be tracked. The data collected is sent to the attacker's server in HTTP-requests: 

124.***.56.12
121.***.13.22


Removal instructions

If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:

  1. Using Task Manager, end the "duospeak.exe" process.
  2. Delete the original trojan file (its location on the infected computer will depend on how it got onto the computer).
  3. Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).

MD5: CEA19C96DB10020F0D6E5AE5732B15CD
SHA1: 1909BFFCED2E698957473A984BD89962C27698D7



Print
Bookmark and Share
Share
Trojans
Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Other versions
Trojan.Win32.Agent2.ddnd
Trojan.Win32.Agent2.dmuw
Trojan.Win32.Agent2.dmvt
Trojan.Win32.Agent2.dtb
Trojan.Win32.Agent2.lmu

Aliases

Trojan.Win32.Agent2.dmdi (Kaspersky Lab) is also known as:

  • NseCheckFile2() returned 0x00010018 (Norman)
  • Trojan.Win32.Generic.1286F9E0 (Rising)

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search