Troj/Agent-CL is a Windows downloader Trojan.
When run Troj/Agent-CL drops the DLL file ntosv.dll to the Windows System folder.
The Trojan the sets the following registry entries so as to run during computer logon:
HKCR\CLSID\(23456789-0000-0020-0900-00AAFF6D2EA4)\InProcServer32
Default
%SYSTEM%\ntosv.dll
HKCR\CLSID\(23456789-0000-0020-0900-00AAFF6D2EA4)\InProcServer32
ThreadingModel
Apartment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
(23456789-0000-0020-0900-00AAFF6D2EA4)
Sysctl Desktop Handler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Sysctl Desktop Handler
(23456789-0000-0020-0900-00AAFF6D2EA4)
Troj/Agent-CL then silently downloads executables or DLLs without notification from a fixed website and runs or loads them.