Troj/Agent-GVT is a Trojan for the Windows platform.
When Troj/Agent-GVT is installed the following files are created:
<System>\lrmon.exe
<System>\usp.exe
These files are both detected as Troj/Agent-GVT
The file lrmon.exe is registered as a new system driver service named "lrmon", with a display name of "Infrared Monitor" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\lrmon\
The file USP.exe is registered as a new system driver service named "USP", with a display name of "Uninterruptible Power Supply" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\USP\
The Trojan will remove any registry entries under:
HKLM\SYSTEM\CurrentControlSet\Services\UPS\
<Sophos's anti-virus products include
Behavioral Genotype® Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against Troj/Agent-GVT (detected as Sus/Behav-1011) since version 4.17.>