Virus: TR/Spy.Agent.OGS
Date discovered: 18/12/2011
Type: Trojan
Subtype: Spy
In the wild: No
Reported Infections: Medium to high
Distribution Potential: Low
Damage Potential: Low
File size: 139264 Bytes
MD5 checksum: e22b6195d50b8f7c265542091628c218
VDF version: 7.11.19.155 - Sunday, December 18, 2011
IVDF version: 7.11.19.155 - Sunday, December 18, 2011

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-Spy.Win32.Agent.bwgt
   •  Bitdefender: Trojan.Spy.Agent.OGS
   •  Eset: Win32/Spy.Banker.WZJ
   •  Sunbelt: Trojan-Spy.Win32.Agent
   •  GData: Trojan.Spy.Agent.OGS


Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Miscellaneous

Furthermore, it contains the following strings:
   • xpcom.dll
   • GetCurrentProcessId
   • GetWindow
   • OpenClipboard
   • GetProcessHeap
   • GetCurrentProcess
   • IsDebuggerPresent
   • AcroFF8.dll
   • NSModule
   • Mozilla\Firefox\Profiles\
   • DEU
   • BANK
   • FIDUCIA.DE
   • %Y-%m-%d %H:%M:%S
   •
   • %s%s_UAs%i.dat
   • .htm
   • _ifrm
   • .frm
   • .pst
   • .key
   • .clb
   • %s%d_FF_%010d%s%s
   • SOFTWARE\Mozilla\Mozilla Firefox
   • @mozilla.org/network/file-output-stream;1
   • password
   • @mozilla.org/embedcomp/window-watcher;1
   • @mozilla.org/docloaderservice;1
   • @mozilla.org/observer-service;1
   • @mozilla.org/extensions/manager;1
   •


Anti debugging
If this was successful it does not create any files.

File details

Programming language:
The malware program was written in MS Visual C++.

Description inserted by Martin Muench on Tuesday, December 20, 2011
Description updated by Martin Muench on Tuesday, December 20, 2011
