Troj/Agent-ODG

Category: Viruses and Spyware
Type: Trojan
Protection available since: 29 Jul 2010 14:25:31 (GMT)
Last Updated: 29 Jul 2010 14:25:31 (GMT)
Prevalence: Small Number of Reports


Troj/Agent-ODG is a Trojan for the Windows platform.

Troj/Agent-ODG includes functionality to:

- run automatically
- create batch scripts
- access the internet and communicate with a remote server via HTTP

Troj/Agent-ODG communicates via HTTP with the following locations:

ideoma . com . ve
google . com

When Troj/Agent-ODG is installed it creates the file <User>\Application Data\Ekyd\ynody.exe.

The following registry entry is created to run ynody.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{7DA47202-124C-63F4-29C3-55DF43EB1D9D}
<User>\Application Data\Ekyd\ynody.exe

The following registry entries are set, affecting internet security:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1406
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1609
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1406
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1609
0x00000000

The following registry entry is set:

HKCU\Software\Microsoft\Internet Explorer\Privacy
CleanCookies
0x00000000

Registry entries are created under:

HKCU\Software\Microsoft\Irfyo
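
A way to check a host for the registry indicators listed above, as an added example that is not Sophos code: it parses the decoded text of a .reg export of HKCU and reports which of the page's entries are present. The function names and the sample export are constructed for illustration.

```python
import re

# Indicators taken from the Troj/Agent-ODG description; registry names are
# case-insensitive, so everything is compared in lower case.
MS = "hkey_current_user\\software\\microsoft\\"
ZONES = MS + "windows\\currentversion\\internet settings\\zones\\"
DWORDS = {(ZONES + z, v): 0 for z, v in [("0", "1609"), ("1", "1406"),
          ("1", "1609"), ("2", "1609"), ("4", "1406"), ("4", "1609")]}
DWORDS[(MS + "internet explorer\\privacy", "cleancookies")] = 0
RUN_KEY = MS + "windows\\currentversion\\run"
DROPPED = "\\application data\\ekyd\\ynody.exe"
MARKER_KEY = MS + "irfyo"

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: int or str}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"(.*?)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and m:
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                # String data: .reg exports double every backslash.
                current[name] = raw[1:-1].replace("\\\\", "\\")
    return keys

def find_indicators(text):
    """Return the page's indicators that are present in the export text."""
    keys, hits = parse_reg(text), []
    for (key, name), want in DWORDS.items():
        if keys.get(key, {}).get(name) == want:
            hits.append(f"{key}\\{name}=0x{want:08x}")
    for name, data in keys.get(RUN_KEY, {}).items():
        # Match on the dropped file's path, not on the value name.
        if isinstance(data, str) and data.lower().endswith(DROPPED):
            hits.append(f"run:{name}")
    if any(k == MARKER_KEY or k.startswith(MARKER_KEY + "\\") for k in keys):
        hits.append("key:" + MARKER_KEY)
    return hits

# Constructed sample export, not captured from a real host.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{7DA47202-124C-63F4-29C3-55DF43EB1D9D}"="C:\\Documents and Settings\\u\\Application Data\\Ekyd\\ynody.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1406"=dword:00000000
"1609"=dword:00000003
[HKEY_CURRENT_USER\Software\Microsoft\Irfyo]
'''
```

A single zone value of 0 is weak evidence on its own; the Run value pointing at ynody.exe together with the Irfyo key is the stronger combination.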
