Troj/Agent-MIX

Category: Viruses and Spyware
Type: Trojan
Protection available since: 09 Feb 2010 13:48:36 (GMT)
Last Updated: 09 Feb 2010 13:48:36 (GMT)
Prevalence: Small Number of Reports


Troj/Agent-MIX is a Trojan for the Windows platform.

Troj/Agent-MIX includes functionality to:

- run automatically
- copy itself to the <System> folder
- steal confidential information
- access the internet and communicate with a remote server via HTTP

Troj/Agent-MIX communicates via HTTP with the following locations:

for-sunny-smile . com
winter-smile . com
When Troj/Agent-MIX is installed the following files are created:

<System>\41.exe
<System>\helper32.dll
<System>\IS15.exe
<System>\smss32.exe
<System>\warning.html
<System>\winlogon32.exe

The following registry values are set, affecting internet security (key path followed by value name):

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\http
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\http
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\http
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\http

The following registry values are set (key path followed by value name):

HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\NoChangingWallpaper
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoSetActiveDesktop
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoActiveDesktopChanges
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe
HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\Enabled
HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flag
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\smss32.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\Position
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\CurrentState
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperLocalFileTime
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Registry entries are created under:

HKCU\Software
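As an added example (not Sophos's own tooling), a read-only PowerShell check for the file and registry indicators listed above; EnableLUA and Userinit exist on every clean system, so they are flagged only when UAC is turned off or Userinit points somewhere other than the stock userinit.exe (that default is an assumption about a standard install).

```powershell
# Added example, not from the Sophos page: report the indicators listed above without changing anything.
$system = [Environment]::GetFolderPath('System')   # the <System> folder referred to on the page

# Files the page says are created in <System>
$files = '41.exe','helper32.dll','IS15.exe','smss32.exe','warning.html','winlogon32.exe'

# Registry values the page says are set (key path, value name)
$regValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';              Name = 'smss32.exe' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';              Name = 'smss32.exe' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system';  Name = 'EnableLUA' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';  Name = 'DisableTaskMgr' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';      Name = 'Userinit' }
)

# ZoneMap domains the page lists; checked in both hives
$zoneDomains = 'buy-is2010.com','buy-internetsecurity10.com','is10-soft-download.com',
               'is-software-download25.com','is-software-download.com'

$findings = @()

foreach ($f in $files) {
    $p = Join-Path $system $f
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

foreach ($r in $regValues) {
    $item = Get-ItemProperty -Path $r.Key -Name $r.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $val = $item.($r.Name)
    # Userinit is legitimate; only a non-default value is suspicious (assumed stock value)
    if ($r.Name -eq 'Userinit' -and $val -match '^(C:\\Windows\\system32\\)?userinit\.exe,?$') { continue }
    # EnableLUA is legitimate; only 0 (UAC disabled) is suspicious
    if ($r.Name -eq 'EnableLUA' -and $val -ne 0) { continue }
    $findings += "Registry value: $($r.Key)\$($r.Name) = $val"
}

foreach ($hive in 'HKLM:','HKCU:') {
    foreach ($d in $zoneDomains) {
        $k = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$d"
        if (Test-Path -LiteralPath $k) { $findings += "ZoneMap entry: $k" }
    }
}

if ($findings.Count -eq 0) { 'No indicators from this page found.' } else { $findings }
```

Run from an elevated prompt so the HKLM keys are readable; a hit on the Run or Userinit values indicates persistence and warrants a full scan rather than manual key deletion.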
