Troj/Agent-GCA is a Trojan for the Windows platform.
When Troj/Agent-GCA is installed the following files are created:
<Temp>\winlogon.exe
<System>\DefLib.sys
The file winlogon.exe is detected as Troj/Agent-GCA.
The file DefLib.sys is detected as Troj/NtRootK-CA.
These files may be hidden when the SYS file is properly installed.
The file DefLib.sys is registered as a new system driver service named "SysLibrary". Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\SysLibrary
Troj/Agent-GCA changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Security\
Registry entries are set as follows:
HKCU\Software\Microsoft\Internet Explorer\Desktop
host
66.232.98.112
HKCU\Software\Microsoft\Internet Explorer\Desktop
id
317836717252