Troj/Agent-MQ is a Trojan for the Windows platform.
When run, Troj/Agent-MQ creates the following registry entries:
HKCR\CLSID\{4E3D249B-013B-3AF1-F48D-BFAA52F95720}\LocalServer\
(default)
<path to Trojan>
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<Trojan filename>
<full path to Trojan>
The Trojan attempts to download files from a remote site. Downloaded files are named by joining one or more of the following strings:
add
api
app
atl
cr
d3
dll
exe
ie
ip
java
mfc
ms
net
nt
sdk
sys
win
The string "32" may optionally be appended to the filename. A registry entry may be created under the following key to run the downloaded file when a user logs on:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
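
The naming scheme and the Run/RunOnce entries described above can be turned into a triage check. The following is an added example, not part of the original description: it reports autorun commands whose file name is built only from the listed strings plus the optional 32. The function names are hypothetical, the sample entries are constructed, and ignoring the file extension is an assumption.

```python
import ntpath
import re

# Name fragments listed in the description above.
TOKENS = ("add", "api", "app", "atl", "cr", "d3", "dll", "exe", "ie", "ip",
          "java", "mfc", "ms", "net", "nt", "sdk", "sys", "win")
_ALT = "|".join(TOKENS)
# One or more fragments, then the optional "32" suffix.
_NAME = re.compile(rf"((?:{_ALT})+)(32)?", re.IGNORECASE)
_PART = re.compile(_ALT, re.IGNORECASE)
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUNONCE = r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"


def decompose(filename):
    """Return the fragments making up filename's stem, or None if it does not fit.

    Assumption: any extension is ignored, since the description does not say
    whether one is added. No fragment is a prefix of another, so the split is unique.
    """
    stem = ntpath.splitext(ntpath.basename(filename))[0]
    m = _NAME.fullmatch(stem)
    if m is None:
        return None
    parts = [p.lower() for p in _PART.findall(m.group(1))]
    return parts + (["32"] if m.group(2) else [])


def command_path(data):
    # Simplified parsing: a quoted path is cut at the closing quote,
    # anything else is treated as a bare path without arguments.
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data


def triage(entries):
    """Return (key, value_name, data, fragments) for entries whose file name fits."""
    scored = ((k, n, d, decompose(command_path(d))) for k, n, d in entries)
    return [row for row in scored if row[3]]


# Constructed sample values, not taken from a real host or from the description.
SAMPLE = [
    (RUN, "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    (RUN, "msnet32", r"C:\Users\Public\msnet32.exe"),
    (RUNONCE, "winsys", r'"C:\Windows\Temp\winsys.exe" /s'),
    (RUN, "Java", r"C:\Program Files\Java\java.exe"),  # name collision, see note
]
```

Names such as java or ntdll also decompose into the listed strings, so a hit is a lead for checking the file's path, signer and creation time, not a verdict.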