Troj/Agent-BF is a downloading Trojan for the Windows platform that attempts to download and run a program from a remote location.
Troj/Agent-BF attempts to download and execute a file named _tmpbf07a.exe from a predefined remote location.
Troj/Agent-BF copies itself to the Windows system with a random filename and in order to be able to run automatically when a user logs on starts up sets the following registry entry with the path to the copy:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Troj/Agent-BF also sets following registry entries :
HKLM\Software\Microsoft\Windows\CurrentVersion\
ShellRegId
<random name>
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
<random name>
<random name>.exe