Trojan-Downloader:W32/Agent.ICF attempts to download files. It also drops files and writes to the system registry.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note You need administrative rights to change the settings.
For more Support
Find the latest advice in our Community Knowledge Base.
See the user guide for your product on the Help Center.
Chat with or call an expert for help.
Submit a file or URL for further analysis.
Attention: %windir% represents the default Windows directory.Creates these files:
Replaces the following file with a copy of itself:
Note: The file called rsvp.exe is a Windows system file. Deletion of the malware file during disinfection will require the repair of the system file.Creates these directories:
Creates these processes:
Uses these temporary processes:
These modules were loaded into other processes:
Creates these mutexes:
Attempts to download files from:
Sets these values:
Creates these keys:
Notepod: Agent.ICF creates a file called notepod.exe and sets a registry value to associate .TXT files with it. If the system user opens a text file notepod.exe will be launched, which in turn calls on notepad.exe. Notepad.exe is a legitimate Windows file.The launching of notepod.exe will once again execute the trojan-downloader mechanisms.Automatic Updates: Agent.ICF attempts to delete the Automatic Updates service. The Automatic Update service enables the download and installation of Windows updates.Autorun Features: Agent.ICF also contains autorun features. See the Worm/W32:Autorun description for additional details. The autorun.inf file will copy to the root of a removable drive. Under a folder called recycled there is a file called cleardisk.pif. The PIF file a copy of the trojan-downloader.