Summary
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Disinfection & Removal
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Technical Details
Trojan-Downloader:W32/Agent.EYA downloads malware from several links and executes it on the infected system.
This malware is related to Trojan-Spy:W32/Banker.
Activity
Upon execution, this Trojan downloads files from several links with the following format:
- http://bl.fgs.org.tw/icons/.dat/[removed].exe
The files are saved in the Windows system directory with the following file names:
- datta.exe - detected as Trojan-Spy.Win32.Banker.cxk
- info1.exe - detected as Trojan-Spy.Win32.Banker.cxu
- spoolsvw.exe - detected as Trojan-Spy.Win32.Banker.cxj
- temp32.exe - detected as Trojan-Spy.Win32.Banker.cxu
The files are then executed.
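The indicators listed above can be turned into a small triage check over proxy and file-creation events. This is an added example, not F-Secure's code; the event tuple format, the host names, the sample URL file name and the reading of "Windows system directory" as System32/SysWOW64 are assumptions.

```python
import re
from ntpath import basename, dirname, normpath
from urllib.parse import urlsplit

# Indicators from the description above.
DROPPED_NAMES = {"datta.exe", "info1.exe", "spoolsvw.exe", "temp32.exe"}
DOWNLOAD_HOST = "bl.fgs.org.tw"
DOWNLOAD_PREFIX = "/icons/.dat/"
# Assumption: "Windows system directory" is System32 (SysWOW64 on 64-bit hosts).
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)$", re.IGNORECASE)

def is_download_url(url):
    """True if url has the form http://bl.fgs.org.tw/icons/.dat/<name>.exe."""
    parts = urlsplit(url.strip())
    path = parts.path.lower()
    name = path[len(DOWNLOAD_PREFIX):]
    return ((parts.hostname or "").lower() == DOWNLOAD_HOST
            and path.startswith(DOWNLOAD_PREFIX)
            and "/" not in name and name.endswith(".exe") and len(name) > 4)

def is_dropped_file(path):
    """True if path is one of the four listed names inside the system directory."""
    p = normpath(path.strip().strip('"'))  # folds ..\ segments and / separators
    return bool(SYSTEM_DIR.match(dirname(p))) and basename(p).lower() in DROPPED_NAMES

def triage(events):
    """events: (host, kind, value) with kind 'url' or 'file'. Returns {host: kinds hit}."""
    hits = {}
    for host, kind, value in events:
        if (kind == "url" and is_download_url(value)) or \
           (kind == "file" and is_dropped_file(value)):
            hits.setdefault(host, set()).add(kind)
    return hits

# Constructed sample events (host names and the URL file name are made up).
SAMPLE_EVENTS = [
    ("ws-01", "url", "http://bl.fgs.org.tw/icons/.dat/sample.exe"),
    ("ws-01", "file", r"C:\WINDOWS\system32\datta.exe"),
    ("ws-02", "file", r"C:\Windows\System32\spoolsv.exe"),   # real Print Spooler name
    ("ws-02", "url", "http://bl.fgs.org.tw/icons/folder.gif"),
    ("ws-03", "file", r"c:\windows\SYSTEM32\..\system32\Temp32.EXE"),
    ("ws-04", "file", r"C:\Users\u\Downloads\info1.exe"),    # right name, wrong directory
]

if __name__ == "__main__":
    for host, kinds in sorted(triage(SAMPLE_EVENTS).items()):
        # Both a matching download and a dropped file is the full chain described above.
        print(host, "download+drop" if kinds == {"url", "file"} else sorted(kinds))
```

A host that shows both a matching download and a dropped file has the full chain described in this entry; a file-only hit is still worth a scan, since the download may predate the available proxy logs.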