|
|
|  |
|
|
|
|
F-Secure Malware Information Pages: Trojan:W32/Agent.AFB
|
|
|
| Radar |
 |
|
|
|
Summary
|
| Trojan:W32/Agent.AFB is a trojan with rootkit functionality. |
|
|
|
Disinfection
|
Detection and Disinfection of Rootkits
If the rootkit is not detected or it is hidden so that FSAV cannot detect its file, it is still possible to detect the malicious activity by scanning the system with generic rootkit scanner, such as F-Secure BlackLight. More information about F-Secure BlackLight Rootkit Elimination Technology can be found here:
http://www.f-secure.com/blacklight/
The BlackLight utility is also able to disinfect computers that are infected by rootkits.
Automatic Disinfection
Usually viruses infecting boot and executable files are automatically disinfected by F-Secure Anti-Virus (FSAV). In some cases, when automatic disinfection is not possible due to file corruption or overwriting virus, a user can select disinfection action by him/herself to make FSAV rename or delete an infected file. In some special cases it is recommended to use specific disinfection tools provided by F-Secure. They can be downloaded from our web or ftp sites:
http://www.f-secure.com/download-purchase/tools.shtml
ftp://ftp.f-secure.com/anti-virus/tools/
F-Secure Anti-Virus can be purchased from our webshop or from our authorized distributors. A trial version F-Secure Anti-Virus, limited to 30 days, can be downloaded from our website:
http://www.f-secure.com/download-purchase/
All the latest versions of FSAV can download anti-virus database updates automatically. However, these updates can be also downloaded and installed manually from our web or ftp sites:
http://www.f-secure.com/download-purchase/updates.shtml
Manual Disinfection
It is not recommended to manually disinfect files and boot sectors from viruses as it can cause damage to a system and make it unbootable.
System Restore issue and file viruses
If Windows ME or XP is used, it is recommended to disable System Restore feature of these operating systems to prevent a computer from re-infection by an already removed malware. The fact is that System Restore feature of these operating systems might save an infected file into the special folder and copy it back to a hard drive it every time it's been renamed or deleted by F-Secure Anti-Virus or by a user. Instructions on how to disable System Restore feature are here:
Windows ME:
http://www.europe.f-secure.com/v-descs/sfc_dis.shtml
Windows XP:
http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml
It is recommended to re-enable System Restore after disinfection in order to restore stable system configuration if any crash or incompatibility issue occurs in the future. |
|
|
|
Detailed Description
|
Trojan:W32/Agent.AFB is a generic detection for trojans with rootkit technology that is usually associated with Adware programs.
Trojan:W32/Agent.AFB may drop .DLL , .SYS or .EXE files as its component. It typically drops its components in the following paths:
- Windows temporary folder
- Windows Directory
- Windows System Directory
- Program files directory
The dropped .SYS file is a driver that is use to hide some registry entries. This is done by hooking several APIs related to registry operations. |
|
|
|
Detection
|
F-Secure Anti-Virus detects this malware with the following updates: [FSAV_Database_Version] Version = 2007-03-23_04.
|
|
|
|
F-Secure Corporation |
|
|
|
|
|
Last Modified: April 05, 2007
|
|
|
|
|
