Troj/Agent-GGM is a Trojan for the Windows platform.
Troj/Agent-GGM contains functionality to access the internet and communicate with a remote server using HTTP.
When first run, Troj/Agent-GGM may create the following files:
<Temp>\Node00000000.ini - data
<Temp>\RarSFX0\resume.exe - detected as Troj/Agent-GGM
<Current Folder>\Node00000000.ini - data
<Windows>\wmupdate.exe - detected as Troj/Agent-GGM
The following registry entry is created to run wmupdate.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
wmupdate
<Windows>\wmupdate.exe
The following registry entries are set, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
<Path to Trojan>\resume.exe
<Path to Trojan>\resume.exe:*:Enabled:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings
AllowInboundEchoRequest
1
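
The file and registry indicators listed above can be checked on a host with a read-only script. This is an added example, not Sophos code; it assumes <Temp> maps to $env:TEMP and <Windows> to $env:windir, and the function name Test-AgentGgmIndicators is hypothetical.

```powershell
# Added triage example, not Sophos code. Read-only: it reports matches and changes nothing.
# Assumptions: <Temp> = $env:TEMP, <Windows> = $env:windir; function name is hypothetical.
function Test-AgentGgmIndicators {
    $hits = @()

    # Files the description lists. <Current Folder> is unknown after the fact, so it is skipped.
    $paths = @(
        (Join-Path $env:TEMP 'Node00000000.ini'),
        (Join-Path $env:TEMP 'RarSFX0\resume.exe'),
        (Join-Path $env:windir 'wmupdate.exe')
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { $hits += "File present: $p" }
    }

    # Run value "wmupdate". A 32-bit writer on 64-bit Windows lands in the WOW6432Node view.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $runKeys) {
        $run = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($run -and $run.wmupdate) { $hits += "Run value in ${k}: wmupdate = $($run.wmupdate)" }
    }

    # Firewall exception whose value name is a path ending in \resume.exe.
    $fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $list = Get-Item -Path "$fw\AuthorizedApplications\List" -ErrorAction SilentlyContinue
    if ($list) {
        foreach ($name in $list.GetValueNames()) {
            if ($name -like '*\resume.exe') {
                $hits += "Firewall exception: $name = $($list.GetValue($name))"
            }
        }
    }

    # Inbound ICMP echo allowed. Administrators also set this legitimately, so it only corroborates.
    $icmp = Get-ItemProperty -Path "$fw\IcmpSettings" -ErrorAction SilentlyContinue
    if ($icmp -and $icmp.AllowInboundEchoRequest -eq 1) {
        $hits += 'IcmpSettings\AllowInboundEchoRequest = 1 (corroborating only)'
    }
    return $hits
}

$found = Test-AgentGgmIndicators
if ($found) { $found } else { 'No listed indicators found.' }
```

These are name and path matches only; a hit on resume.exe or wmupdate.exe should be confirmed with an anti-virus scan of the file before treating the host as infected.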