Backdoor:W32/Agent.CTH is a backdoor that can steal information. Stolen information is sent to a collection site using an HTTP POST command.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Upon execution, this malware drops the following files:
The files s32.txt and ws386.ini are logs.
As part of its autostart mechanism, it installs itself as a system service.
It also creates the following registry entry:
It checks for Internet connectivity by attempting to connect to the following sites:
This malware can steal information such as:
Stolen information is sent to a collection site using an HTTP POST command.
It also collects email addresses but ignores addresses with the following strings: