Trojans are malicious programs that pretend be to benign. Trojans do not replicate themselves.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Trojan:W32/Agent.FVO was sent in several spam runs in the country of Denmark. The email messages are in Danish and were sent to Danish email addresses.The email message claim to be from F-Secure support.The message appears as follows:
From: firstname.lastname@example.org Date: 26. August 2008 08:31 Subject: Data er tillagt og sendt med denne meddelelse. Käre kunder! Regning Data er tillagt og sendt med denne meddelelse. Jeg bruger gratis F-secure antispamversion, som allerede har fjernet 338 spambreve. Antispam er helt gratis for private brugere. Attachment: f-secure.rar
The attachment contains a file called update26.08.2008.exe, which, when run, drops a file called dcbcg.exe that attempts to connect to a server located in Ukraine.The IP address to which Agent.FVO attempts to connect hosts a fake version of MP3.com.
Creates these files:
Attempts to connect with HTTP to:
Sets these values:
Creates these keys: