Avira Virus Lab

TR/Downloader.A.988

  • Name
    TR/Downloader.A.988
  • Date discovered
    Nov 7, 2015
  • VDF version
    7.11.94.124 (2013-08-02 14:43)

The term 'TR' denotes a trojan horse that is able to spy on data, violate your privacy, or make unwanted modifications to the system.

  • Aliases
    Avast: Win32:Agent-ASOC
    AVG: Downloader.Generic13.BRBQ
    ClamAV: Win.Trojan.Agent-869959
    Dr. Web: Trojan.DownLoad3.30962
    F-PROT: W32/Trojan2.OBQW (exact)
    Trend Micro: TROJ_DL.8BCBC9CE
    G Data: Trojan.Agent.WDCR.C
    Kaspersky Lab: Trojan-Downloader.Win32.Adload.dyhq
    Bitdefender: Trojan.Agent.WDCR.C
    ESET: Win32/TrojanDownloader.Agent.AFD trojan
  • Files
    The following files are deleted:
    • %USERPROFILE%\Local Settings\Application Data\Temp\XIQKHW.tmp
    The following files are created:
    • %USERPROFILE%\Local Settings\Application Data\Temp\XIQKHW.tmp
    • %APPDATA%\Microsoft\Protect\S-1-5-21-602162358-879983540-682003330-1003\ba12fc11-1a84-486d-94ae-01fd758260b6
    The following files are changed:
    • %APPDATA%\Microsoft\Protect\CREDHIST
    • %APPDATA%\Microsoft\Protect\S-1-5-21-602162358-879983540-682003330-1003\Preferred
  • Registry
    The following registry entries are changed:
    • HKEY_CLASSES_ROOT\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}\1.0 (@: "runtimeLib")
    • HKEY_CLASSES_ROOT\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}\1.0\FLAGS (@: "0")
    • HKEY_CLASSES_ROOT\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}\1.0\0\win32 (@: "%USERPROFILE%\Local Settings\Application Data\Temp\XIQKHW.tmp")
    • HKEY_CLASSES_ROOT\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}\1.0\HELPDIR (@: "%USERPROFILE%\Local Settings\Application Data\Temp")
    • HKEY_CLASSES_ROOT\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4325} (@: "IRuntime")
    • HKEY_CLASSES_ROOT\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4325}\ProxyStubClsid (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4325}\ProxyStubClsid32 (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4325}\TypeLib (@: "{AC329328-7EC4-4C34-B672-0A2B90CB9B00}"; "Version": "1.0")
    • HKEY_CLASSES_ROOT\Interface\{19DF2320-6A8A-4942-AC4C-C449949DFC27} (@: "IDownloadJob")
    • HKEY_CLASSES_ROOT\Interface\{19DF2320-6A8A-4942-AC4C-C449949DFC27}\ProxyStubClsid (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{19DF2320-6A8A-4942-AC4C-C449949DFC27}\ProxyStubClsid32 (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{19DF2320-6A8A-4942-AC4C-C449949DFC27}\TypeLib (@: "{AC329328-7EC4-4C34-B672-0A2B90CB9B00}"; "Version": "1.0")
    • HKEY_CLASSES_ROOT\Interface\{662CA6E1-37D8-4C12-8586-3AC64DF96187} (@: "IWaitableTask")
    • HKEY_CLASSES_ROOT\Interface\{662CA6E1-37D8-4C12-8586-3AC64DF96187}\ProxyStubClsid (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{662CA6E1-37D8-4C12-8586-3AC64DF96187}\ProxyStubClsid32 (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{662CA6E1-37D8-4C12-8586-3AC64DF96187}\TypeLib (@: "{AC329328-7EC4-4C34-B672-0A2B90CB9B00}"; "Version": "1.0")
    • HKEY_CLASSES_ROOT\Interface\{8A2DAA70-D6C9-4BAA-B9CA-DE8A9F49CA12} (@: "IDownloadError")
    • HKEY_CLASSES_ROOT\Interface\{8A2DAA70-D6C9-4BAA-B9CA-DE8A9F49CA12}\ProxyStubClsid (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{8A2DAA70-D6C9-4BAA-B9CA-DE8A9F49CA12}\ProxyStubClsid32 (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{8A2DAA70-D6C9-4BAA-B9CA-DE8A9F49CA12}\TypeLib (@: "{AC329328-7EC4-4C34-B672-0A2B90CB9B00}"; "Version": "1.0")
    • HKEY_CLASSES_ROOT\Interface\{5B113BE7-98FF-4DA7-8441-D3AAE3836AE4} (@: "IRunningProcess")
    • HKEY_CLASSES_ROOT\Interface\{5B113BE7-98FF-4DA7-8441-D3AAE3836AE4}\ProxyStubClsid (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{5B113BE7-98FF-4DA7-8441-D3AAE3836AE4}\ProxyStubClsid32 (@: "{00020424-0000-0000-C000-000000000046}")
    • HKEY_CLASSES_ROOT\Interface\{5B113BE7-98FF-4DA7-8441-D3AAE3836AE4}\TypeLib (@: "{AC329328-7EC4-4C34-B672-0A2B90CB9B00}"; "Version": "1.0")
