Troj/Agent-GXS is a Trojan for the Windows platform.
When first run, Troj/Agent-GXS copies itself to <Windows>\WindowsXP.exe and creates <Windows>\ftpa.ini.
Troj/Agent-GXS includes functionality to:
- download files from preconfigured URLs
- steal information and send it to preconfigured URLs
The following registry entry is changed to run <Windows>\WindowsXP.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe <Windows>\WindowsXP.exe
The following registry entries are created:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1
HKCU\sRegPolicies+\Explorer
NoChangeStartMenu
1
HKCU\sRegPolicies+\Explorer
NoClose
1
HKCU\sRegPolicies+\Explorer
NoLogoff
1
The following registry entry is changed:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4
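
A read-only PowerShell check for the registry values and files listed above, added here as an example and not part of the original description. It assumes <Windows> is the folder in $env:windir; the variable names and finding texts are illustrative.

```powershell
# Added example: read-only check for the changes listed on this page.
# Run as the user being examined, because HKCU is per-user.
# NoChangeStartMenu / NoClose / NoLogoff are not checked: the page gives
# their key only as "HKCU\sRegPolicies+\Explorer".
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell'
       Note = 'Winlogon Shell is not plain Explorer.exe'
       Hit  = { param($v) "$v".Trim() -notmatch '^explorer\.exe$' } },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr'
       Note = 'Task Manager disabled by policy'
       Hit  = { param($v) $v -eq 1 } },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess'
       Name = 'Start'
       Note = 'SharedAccess start type is 4 (disabled)'
       Hit  = { param($v) $v -eq 4 } }
)

$findings = @()
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }              # key or value not present
    $data = $item.($c.Name)
    if (& $c.Hit $data) {
        $findings += [pscustomobject]@{
            Location = "$($c.Path)\$($c.Name)"; Data = $data; Finding = $c.Note }
    }
}

# Files the page says are dropped into the Windows folder.
foreach ($name in 'WindowsXP.exe', 'ftpa.ini') {
    $file = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $file) {
        $findings += [pscustomobject]@{
            Location = $file; Data = (Get-Item -LiteralPath $file -Force).Length
            Finding = 'File named on this page exists' }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'None of the listed registry values or files were found.'
}
```

A Shell value that differs from Explorer.exe can also come from a legitimate kiosk or custom-shell configuration, so treat that finding as a prompt to inspect the data rather than as proof of infection.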