Trojan.Agent.AY
Alert Level: medium
Discovered: 2005 Jan 26
Tag: Trojan Agent
Discoverer and Source: http://www.bitdefender.com/
Malware Behavior and Technical Description
Detected by BitDefender as Trojan.Agent.AY.
Has Adware functionality.
When launched, copies itself to %WINDIR%\System32 under a random name and registers this file in the system registry to ensure that the file will be launched each time Windows is rebooted.
Downloads a file from a preconfigured location and executes it.
Injects code into another process in order to restart itself if it is terminated.
It is able to update itself over the Internet.
The Trojan synchronizes itself with a list of NTP servers in order to check the time.
Contains the strings:
callinghome.biz
OfferDrv-{F395B5B4-1837-4e79-AD7B-7287043E4DBC}
It tracks user actions and harvests a range of information.
Trojan.Agent.AY removal instructions:
Please let BitDefender disinfect your files.

