Virus: JS/Dldr.Agent.cex
Date discovered: 07/11/2008
Type: Trojan
Subtype: Downloader
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: No
File size: ~ 1.177 Bytes
IVDF version: 7.01.00.55 - Friday, November 7, 2008

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: JS/Spy-Agent.bw.dldr trojan
   •  Kaspersky: Trojan-Downloader.HTML.Small.x
   •  F-Secure: Trojan-Downloader.HTML.Small.x
   •  Sophos: Mal/ObfJS-S
   •  Grisoft: JS/Downloader.Agent
   •  Bitdefender: Trojan.Exploit.JS.I


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a malicious file

Files

It tries to download a file:

– The location is the following:
   • http://92.241.164.155/**********/2/load.php
It is saved on the local hard drive under: %home%\svchosts.exe
Furthermore, this file is executed after it has been fully downloaded. Further investigation showed that this file is malware, too.
Detected as: TR/Spy.Agent.rzo

Description inserted by Thomas Wegele on Thursday, November 27, 2008
Description updated by Thomas Wegele on Thursday, November 27, 2008
