Backdoor:W32/Agent.CTH is a backdoor that can steal information. Stolen information is sent to a collection site using an HTTP POST command.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Upon execution, this malware drops the following files:
The files s32.txt and ws386.ini are logs.
As part of its autostart mechanism, it installs itself as a system service.
It also creates the following registry entry:
It checks for Internet connectivity by attempting to connect to the following sites:
This malware can steal information such as:
Stolen information is sent to a collection site using an HTTP POST command.
It also collects e-mail addresses but ignores addresses with the following strings: