Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Trojan-Dropper:W32/Agent.PR


Aliases:


Trojan-Dropper:W32/Agent.PR
Trojan-Spy.Win32.Agent.pr

Malware
Trojan-Dropper
W32

Summary

This type of trojan contains one or more malicious programs, which it will secretly install and execute.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Trojan-Dropper:W32/Agent.PR drops and executes files on the infected computer. It also creates files in the Windows directory.

On execution, this malware will drop the following files in the %system% folder

  • %system%\drivers\npf.sys - Clean
  • %system%\Packet.dll - Clean
  • %system%\WanPacket.dll - Clean
  • %system%\wpcap.dll - Clean
  • %system%\systemm.exe - Malware

Note:%system% is the C:\WINDOWS\System32 folder.

It will then execute the file SYSTEMM.EXE that is already detected as Backdoor.Win32.Agent.alh.

It will also create a batch file $$a.bat on the current directory for the sole purpose of deleting the malware dropper and the batch file itself.







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.

Scan and clean your PC




F-Secure Online Scanner will scan and clean your PC in just a few minutes for free