Avira Virus Lab

BDS/Agent.A.282

  • Name
    BDS/Agent.A.282
  • Date discovered
    Jan 23, 2016
  • Type
    Malware
  • Impact
    Medium 
  • Reported Infections
    Low 
  • Operating System
    Windows
  • VDF version
    7.11.37.66 (2012-07-23 11:54)

Stay safe from all these threats with Avira Free Antivirus.

Avira Free Antivirus Download Free

The term 'BDS' denotes a Backdoor-Server program. Backdoor-Server programs are used to spy out, modify or delete data.

Operating System: Microsoft Windows.

The file can be used by rogue users or malware to lower security settings.

  • VDF
    7.11.37.66 (2012-07-23 11:54)
  • Aliases
    Dr. Web: Program.mIRC.616
    F-PROT: W32/Sdbot.ACFY (exact)
    G Data: Win32.Trojan.Agent.A5GVK9
    Kaspersky Lab: not-a-virus:Client-IRC.Win32.mIRC.616
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\mIRC\LastRun (@: "1453535879,0")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC ("DisplayName": "mIRC"; "UninstallString": ""%FILE_PATH%" -uninstall")
    • HKEY_CLASSES_ROOT\.cha (@: "ChatFile")
    • HKEY_CLASSES_ROOT\.chat (@: "ChatFile")
    • HKEY_CLASSES_ROOT\ChatFile (@: "Chat File")
    • HKEY_CLASSES_ROOT\ChatFile\DefaultIcon (@: ""%FILE_PATH%"")
    • HKEY_CLASSES_ROOT\ChatFile\Shell\open\command (@: ""%FILE_PATH%" -noconnect")
    • HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec (@: "%1")
    • HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Application (@: "mIRC")
    • HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\ifexec (@: "%1")
    • HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Topic (@: "Connect")
    • HKEY_CLASSES_ROOT\irc (@: "URL:IRC Protocol"; "EditFlags": %hex values%; "URL Protocol": "")
    • HKEY_CLASSES_ROOT\irc\DefaultIcon (@: ""%FILE_PATH%"")
    • HKEY_CLASSES_ROOT\irc\Shell\open\command (@: ""%FILE_PATH%" -noconnect")
    • HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec (@: "%1")
    • HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Application (@: "mIRC")
    • HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\ifexec (@: "%1")
    • HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Topic (@: "Connect")

Help make the web safer by sending us suspicious files/URLs to analyze

Submit your file/URL or Go to support.avira.com

Why submit a suspicious file?

If you encountered a suspicious file or website that’s not in our database, we’ll analyze it and determine whether it’s harmful. Our findings are then pushed out to our millions of users with their next virus database update. If you have Avira, you’ll get that update too. Don’t have Avira? Get it on our homepage.