TR/Drop.Agent.bct
TR/Drop.Agent.bct is a Worm,that is designed to propagate and spread across networks. TR/Drop.Agent.bct are known to propagate using one or several of different transmission vectors like email, IRC, network shares, instant messengers (IM), and peer-to-peer (P2P) networks.Worms do not infect files, but may carry one or more payloads, such as computer security compromise and information theft.TR/Drop.Agent.bct typically modify system settings to automatically start. Users may need to terminate worms before they can be deleted. Also, restoring affected systems may require procedures other than scanning with an antivirus program.
TR/Drop.Agent.bct drops the following copies of itself:
c:\Windows\System32\drivers\tianshi.exe
C:\htshi.exe
Autostart Technique
This worm creates the following registry entry to enable its automatic execution at every system startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
svcshare = “c:\Windows\System32\drivers\tianshi.exe”
Propagation via Physical/Removable/Floppy Drives
This worm drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
The file AUTORUN.INF contains the following strings:
[AutoRun]
OPEN=htshi.exe
shellexecute=htshi.exe
shell\Auto\command=htshi.exe
Need help? Post you problem on Free Malware Remove Help forum
TR/Drop.Agent.bct Summary
1.Temporarily Disable System Restore;2.Reboot computer in SafeMode;3.delte TR/Drop.Agent.bct virus files and kill TR/Drop.Agent.bct file task process(if have);4.Delete/Modify any values added to the registry by TR/Drop.Agent.bct ;5.delete IE temp files,restart the computer and run a whole scan with AntiVir. TR/Drop.Agent.bct virus files as following: