This type of trojan contains one or more malicious programs, which it will secretly install and execute.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Trojan-Dropper:W32/Agent.PR drops and executes files on the infected computer. It also creates files in the Windows directory.
On execution, this malware will drop the following files in the %system% folder
- %system%\drivers\npf.sys - Clean
- %system%\Packet.dll - Clean
- %system%\WanPacket.dll - Clean
- %system%\wpcap.dll - Clean
- %system%\systemm.exe - Malware
Note:%system% is the C:\WINDOWS\System32 folder.
It will then execute the file SYSTEMM.EXE that is already detected as Backdoor.Win32.Agent.alh.
It will also create a batch file $$a.bat on the current directory for the sole purpose of deleting the malware dropper and the batch file itself.