Win32.Trojan-Downloader.Agent.hlp



Websites infected with Win32.Trojan-Downloader.Agent.hlp are victims of the mass attack launched against Linux/Apache servers. The downloaded malware can steal credentials such as usernames, passwords, credit card numbers, and online payment accounts from the compromised system.
Creates the following files:

%UserProfile%\Administrator\Local Settings\Temp\[ORIGINAL FILE NAME].exe
%System%\regscan.exe

Creates the following registry keys:

To make sure the malware executes at every startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" = C:\WINDOWS\system32\regscan.exe

To open TCP port 64758 in the firewall:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "" = 64758:TCP:*:Enabled:PORT_64758
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "" = 64758:TCP:*:Enabled:PORT_64758

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY, size: 4 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY, size: 95 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY, size: 256 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY, size: 4 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY, size: 24 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY, size: 3230 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY,
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY, size: 89756 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings "" = [REG_BINARY, size: 71972 bytes]
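
The file and registry indicators listed above can be checked without changing anything on the system. The PowerShell below is an added example, not part of the original write-up; the helper name Get-RegValue and the decision to match values by their data (the listing shows blank value names) are assumptions made here.

```powershell
# Added example, read-only. Value names are blank in the listing above,
# so registry values are matched on their data, not their names.
function Get-RegValue([string]$Path) {   # hypothetical helper name
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Path = $Path
            Name = $name
            Kind = $key.GetValueKind($name)
            Data = $key.GetValue($name)
        }
    }
}

$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$fw  = 'HKLM:\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\' +
       'FirewallPolicy\StandardProfile\GloballyOpenPorts\List'
$ie  = 'HKCU:\Software\Microsoft\Internet Explorer\Settings'
$listedSizes = 4, 95, 256, 24, 3230, 89756, 71972   # REG_BINARY sizes listed above

$hits = @()
# Dropped file: %System%\regscan.exe
$dropped = Join-Path ([Environment]::SystemDirectory) 'regscan.exe'
if (Test-Path -LiteralPath $dropped) {
    $hits += [pscustomobject]@{ Path = $dropped; Name = ''; Kind = 'File'; Data = '' }
}
# Autostart value whose data points at regscan.exe
$hits += @(Get-RegValue $run | Where-Object { "$($_.Data)" -like '*\regscan.exe*' })
# Firewall exception for TCP port 64758
$hits += @(Get-RegValue $fw | Where-Object { "$($_.Data)" -like '64758:TCP:*' })
# Binary values under IE Settings whose size matches one in the listing.
# Size alone is weak evidence; treat these as items to review by hand.
$hits += @(Get-RegValue $ie | Where-Object {
    $_.Kind -eq 'Binary' -and $listedSizes -contains $_.Data.Length })

if ($hits.Count) {
    $hits | Format-Table Path, Name, Kind -AutoSize
} else {
    'None of the listed indicators were found.'
}
```

HKEY_CURRENT_USER is the hive of the account running the script, so run it in the session of the affected user.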

The Trojan is also detected as Win32.Trojan-Downloader.Agent.hlp (CAT-QuickHeal), Virus.Win32.Agent.hlp (Kaspersky), Trojan:Win32/Ilomo.gen!A (Microsoft).

Trojan-Downloader.Win32.Agent.bq (Kaspersky Lab) is also known as: BackDoor-BDD (McAfee), Download.Trojan (Symantec), Trojan.Feat.2 (Doctor Web), Troj/Iefeat-J (Sophos), Trojan:Win32/Agent.BQ (RAV), TROJ_AGENT.EL (Trend Micro), TR/Spy.Tofger.BI.2 (H+BEDV), Downloader.Agent.2.BM (Grisoft), Trojan.Downloader.Agent.BQ (SOFTWIN), Trojan.Spy.Tofger.BI.2 (ClamAV), Adware/SearchAid (Panda), Win32/TrojanDownloader.Agent.NAK (Eset)

Win32.Trojan-Downloader.Agent.hlp Summary

  • Virus Name: Win32.Trojan-Downloader.Agent.hlp
  • Detected By: BitDefender antivirus program
  • Virus Win32.Trojan-Downloader.Agent.hlp Detected times: 237191 times
  • Win32.Trojan-Downloader.Agent.hlp Overall Risk: Medium 737192
  • Win32.Trojan-Downloader.Agent.hlp file size: 3671920 bytes
  • Win32.Trojan-Downloader.Agent.hlp was first detected by BitDefender on Sunday, September 21st, 2008, 6:44 am. Win32.Trojan-Downloader.Agent.hlp is a new threat of Hacking, Malware, Spam, worm.
  • Remove Win32.Trojan-Downloader.Agent.hlp instructions:

    1. Temporarily disable System Restore.
    2. Reboot the computer in Safe Mode.
    3. Delete the Win32.Trojan-Downloader.Agent.hlp virus files and kill the Win32.Trojan-Downloader.Agent.hlp task process (if any).
    4. Delete/modify any values added to the registry by Win32.Trojan-Downloader.Agent.hlp.
    5. Delete IE temp files, restart the computer and run a full scan with BitDefender.

  • Win32.Trojan-Downloader.Agent.hlp virus files as follows:
