English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan.Win32.Agent2.dmuw

Trojan.Win32.Agent2.dmuw

Detected May 06 2011 01:12 GMT
Released May 06 2011 06:30 GMT
Published Sep 19 2011 13:26 GMT

Technical Details
Payload
Removal instructions

Technical Details

A trojan program designed to steal the user's authentication data. It is a Windows dynamic-link library (PE-DLL file). 4608 bytes. Written in C++.


Payload

After launching, the malicious library checks the name of the process in the address space loaded. With the "duospeak.exe" process loaded into the address space, the trojan allows for tracking of the information entered by the user into the windows with the following class names: 

YYMainWnd
YYLogin
Edit
and sends the data received to the attacker's server in HTML-requests: 
124.***.56.12
121.***.13.22


Removal instructions

If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:

  1. Using Task Manager end the "duospeak.exe" process.
  2. Delete the original trojan file (its location on the infected computer will depend on how the program got onto the computer).
  3. Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).

MD5: 70FD4FFA984AB10EF0E4CAB3FDCB655E
SHA1: 1FB3E4659CA40D76C5070DEE387E94355D633D7B



Print
Bookmark and Share
Share
Trojans
Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Other versions
Trojan.Win32.Agent2.ddnd
Trojan.Win32.Agent2.dmdi
Trojan.Win32.Agent2.dmvt
Trojan.Win32.Agent2.dtb
Trojan.Win32.Agent2.lmu

Aliases

Trojan.Win32.Agent2.dmuw (Kaspersky Lab) is also known as:

  • Win32/PSW.OnLineGames.PIO trojan (Nod32)
  • processing error (VirusBuster)
  • NseCheckFile2() returned 0x00010018 (Norman)

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search