Threat Description

Trojan-Dropper:W32/Agent.PR

Details

Aliases:Trojan-Dropper:​W32/Agent.PR, Trojan-Spy.Win32.Agent.pr
Category:Malware
Type:Trojan-Dropper
Platform:W32

Summary



This type of trojan contains one or more malicious programs, which it will secretly install and execute.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Trojan-Dropper:W32/Agent.PR drops and executes files on the infected computer. It also creates files in the Windows directory.

On execution, this malware will drop the following files in the %system% folder

  • %system%\drivers\npf.sys - Clean
  • %system%\Packet.dll - Clean
  • %system%\WanPacket.dll - Clean
  • %system%\wpcap.dll - Clean
  • %system%\systemm.exe - Malware

Note:%system% is the C:\WINDOWS\System32 folder.

It will then execute the file SYSTEMM.EXE that is already detected as Backdoor.Win32.Agent.alh.

It will also create a batch file $$a.bat on the current directory for the sole purpose of deleting the malware dropper and the batch file itself.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More