Troj/Agent-HZ is a password-stealing Trojan for the Windows platform.
Troj/Agent-HZ includes functionality to:
- steal email server passwords
- send notification messages to remote locations
- access the Internet and communicate with a remote server via HTTP
When run, Troj/Agent-HZ copies itself to <System>\svchostss.exe.
When run, Troj/Agent-HZ creates and runs the file <System>\helpersvchostss.exe. The file helpersvchostss.exe is detected by Sophos as Troj/Agent-HZ.
When run, Troj/Agent-HZ sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WindowsUpdatesvchostss
svchostss.exe
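
A host check for the files and Run entry listed above, as an added PowerShell example (not part of the original description and not Sophos tooling). It assumes <System> is the Windows system folder and also looks at the 32-bit views (SysWOW64, WOW6432Node) on 64-bit Windows; the function name Find-AgentHZArtefacts is hypothetical.

```powershell
# Added example. Assumption: <System> means the Windows system folder.
# On 64-bit Windows a 32-bit process is redirected to SysWOW64 and WOW6432Node,
# so both views are checked. Find-AgentHZArtefacts is a hypothetical name.
function Find-AgentHZArtefacts {
    $findings = @()

    # Dropped files named in the description
    $dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))
    foreach ($dir in $dirs) {
        foreach ($name in 'svchostss.exe', 'helpersvchostss.exe') {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
                $findings += [pscustomobject]@{
                    Type = 'File'; Location = $path; Detail = "SHA256=$($hash.Hash)"
                }
            }
        }
    }

    # Run-key persistence: match the value name, or any value whose data launches svchostss.exe
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($keyPath in $runKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($valueName -eq 'WindowsUpdatesvchostss' -or $data -match 'svchostss\.exe') {
                $findings += [pscustomobject]@{
                    Type = 'RunValue'; Location = "$keyPath\$valueName"; Detail = $data
                }
            }
        }
    }
    return $findings
}

$result = Find-AgentHZArtefacts
if ($result) {
    $result | Format-Table -AutoSize -Wrap
} else {
    'No Troj/Agent-HZ file or Run-key artefacts found on this host.'
}
```

A hit on the file names alone is only an indicator; confirm with an up-to-date scanner before removing anything.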