1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Trojan-Dropper:W32/Agent.PR

Trojan-Dropper:W32/Agent.PR

Detection Names : Trojan-Spy.Win32.Agent.pr
Category:Malware
Type:Trojan-Dropper
Platform:W32

Summary

This type of trojan contains one or more malicious programs, which it will secretly install and execute.

Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Additional Details

Trojan-Dropper:W32/Agent.PR drops and executes files on the infected computer. It also creates files in the Windows directory.

On execution, this malware will drop the following files in the %system% folder

  • %system%\drivers\npf.sys - Clean
  • %system%\Packet.dll - Clean
  • %system%\WanPacket.dll - Clean
  • %system%\wpcap.dll - Clean
  • %system%\systemm.exe - Malware

Note: %system% is the C:\WINDOWS\System32 folder.

It will then execute the file SYSTEMM.EXE that is already detected as Backdoor.Win32.Agent.alh.

It will also create a batch file $$a.bat on the current directory for the sole purpose of deleting the malware dropper and the batch file itself.