Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Malware Information Pages: Trojan-Downloader:W32/Agent.BUV
[Summary] | [Detailed Description]

Name : Trojan-Downloader:W32/Agent.BUV
Alias:Trojan-Downloader.Win32.Agent.buv
Size:13077
Type:Trojan-Downloader
Category:Malware
Platform:W32
Radar

Summary
Trojan-Downloader:W32/Agent.BUV downloads malicious files from a remote server.

It then executes and installs the downloaded files.
Back to the Top

Detailed Description
Upon execution, this malware creates a copy of itself at the following location:

  • %windir%\system\internat.exe

It then creates a BAT file that will be used to delete the original file executed by user.

It will then create the following processes:

  • %windir%\system\internat.exe
  • %programfiles%\Internet Explorer\IEXPLORE.EXE

The file called internat.exe is the malware's own process.

It attempts to download additional files from the following URLs:

  • http://www.smsunionmm.com/107/tj.htm
  • http://www.smsunionmm.com/107/tj10.htm

Note: The URLs were offline during our period of investigation.
Back to the Top



F-Secure Corporation

Last Modified: April 29, 2008