Avira Virus Lab

‹ Back

TR/Agent.23713792

Summary
  • Name
    TR/Agent.23713792
  • Date discovered
    Oct 1, 2015
  • VDF version
    7.11.220.126 (2015-03-28 11:41)
Description

The term 'TR' denotes a trojan horse that is able to spy out data, violate your privacy, or perform unwanted modifications to the system.

  • VDF
    7.11.220.126 (2015-03-28 11:41)
  • Aliases
    Dr. Web: Trojan.Hosts.7316
    Kaspersky Lab: Trojan-Dropper.Win32.Agent.qhux
  • Files
    The following files are created:
    • %TEMPDIR%\IXP000.TMP\TMP4351$.TMP
    • %TEMPDIR%\IXP000.TMP\SUBWAY~1.EXE
    • %TEMPDIR%\IXP000.TMP\TRUSTE~1.EXE
  • Registry
    The following registry entries are added:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ("wextract_cleanup0": "rundll32.exe %SYSDIR%\advpack.dll,DelNodeRunDLL32 "%TEMPDIR%\IXP000.TMP\"")