Troj/Agent-OOR

Category:	Viruses and Spyware	Protection available since:	02 Sep 2010 01:06:28 (GMT)
Type:	Trojan	Last Updated:	02 Sep 2010 01:06:28 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Agent-OOR include:

Example 1

File Information

Size: 74K
SHA-1: 538d19a31bd6dc7e37ea4a8bd8e36e64b01420a9
MD5: cd16f39a65de4de53eae717ccdefbae6
CRC-32: 70f84e3e
File type: application/x-ms-dos-executable
First seen: 2010-08-24

Example 2

File Information

Size: 51K
SHA-1: 949160567537e654c68cb35cebd7c38e788ca202
MD5: e3363c4848c61886f71d38c74ec4f93a
CRC-32: e189668e
File type: application/x-ms-dos-executable
First seen: 2010-08-30

Example 3

File Information

Size: 282K
SHA-1: c3a379beddf6fe7fb23eb2742ce6e98a3b751ad3
MD5: a804f447dbf2cedff0767966f91a99b8
CRC-32: 0185eff9
File type: application/x-ms-dos-executable
First seen: 2010-08-20

Other vendor detection

Avira: TR/Inject.aths
Kaspersky: Trojan.Win32.Inject.aths

Runtime Analysis

Registry Keys Created

HKLM\SYSTEM\CurrentControlSet\Services\netlogonz12\Enum
NextInstance
0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\netlogonz12
ImagePath
C:\WINDOWS\system32\lpqs.exe -isys

Processes Created

c:\windows\system32\lpqs.exe
c:\windows\system32\svchost.exe

HTTP Requests

http://update0528.com/D704588/xfiles/kb100002.download
http://update0528.com/D704588/xfiles/ls31.download
http://update0528.com/gf/0D2849FA/
http://update0528.com/mf/login/

DNS Requests

update0528.com

Try Sophos products for free
Download now