Home > Threat descriptions >

Trojan-Dropper:W32/Agent.PR

Classification

Category: Malware

Type: Trojan-Dropper

Aliases: Trojan-Dropper:W32/Agent.PR, Trojan-Spy.Win32.Agent.pr

Summary


This type of trojan contains one or more malicious programs, which it will secretly install and execute.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Trojan-Dropper:W32/Agent.PR drops and executes files on the infected computer. It also creates files in the Windows directory.

On execution, this malware will drop the following files in the %system% folder

  • %system%\drivers\npf.sys - Clean
  • %system%\Packet.dll - Clean
  • %system%\WanPacket.dll - Clean
  • %system%\wpcap.dll - Clean
  • %system%\systemm.exe - Malware

Note:%system% is the C:\WINDOWS\System32 folder.

It will then execute the file SYSTEMM.EXE that is already detected as Backdoor.Win32.Agent.alh.

It will also create a batch file $$a.bat on the current directory for the sole purpose of deleting the malware dropper and the batch file itself.