Troj/Agent-BIU is a Trojan for the Windows platform.
Troj/Agent-BIU includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Agent-BIU is a Trojan for the Windows platform.
Troj/Agent-BIU includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Agent-BIU is installed it creates the file <System>\mscom32.dll.
The file mscom32.dll is registered as a COM object and ShellExecute hook, creating registry entries under:
HKCR\CLSID\(487166B7-DA1D-4ec0-966B-DFF858ECE8FD)
HKLM\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\ShellExecuteHooks\
Troj/Agent-BIU includes functionality to inject mscom32.dll code into EXPLORER.EXE and modify the HOSTS file.
Troj/Agent-BIU modifies the HOSTS file, changing the URL-to-IP mappings for selected websites, therefore preventing normal access to these sites. The new HOSTS file will typically contain the following:
192.168.0.101 www.trendmicro.com
192.168.0.101 trendmicro.com
192.168.0.101 rads.mcafee.com
192.168.0.101 customer.symantec.com
192.168.0.101 liveupdate.symantec.com
192.168.0.101 us.mcafee.com
192.168.0.101 updates.symantec.com
192.168.0.101 update.symantec.com
192.168.0.101 www.nai.com
192.168.0.101 nai.com
192.168.0.101 secure.nai.com
192.168.0.101 dispatch.mcafee.com
192.168.0.101 download.mcafee.com
192.168.0.101 www.my-etrust.com
192.168.0.101 my-etrust.com
192.168.0.101 mast.mcafee.com
192.168.0.101 ca.com
192.168.0.101 www.ca.com
192.168.0.101 networkassociates.com
192.168.0.101 www.networkassociates.com
192.168.0.101 avp.com
192.168.0.101 www.kaspersky.com
192.168.0.101 www.avp.com
192.168.0.101 kaspersky.com
192.168.0.101 www.f-secure.com
192.168.0.101 f-secure.com
192.168.0.101 viruslist.com
192.168.0.101 www.viruslist.com
192.168.0.101 liveupdate.symantecliveupdate.com
192.168.0.101 mcafee.com
192.168.0.101 www.mcafee.com
192.168.0.101 sophos.com
192.168.0.101 www.sophos.com
192.168.0.101 symantec.com