W32/Agent-LRU is a worm for the Windows platform.
When W32/Agent-LRU is installed it copies itself to <System>\kavo.exe.
When W32/Agent-LRU is installed the following files are also created:
<Temp>\eyi.sys
<Temp>\zfzd.dll
<System>\kavo0.dll
The file eyi.sys is detected as Mal/Vanti-A and Mal/RootKit-.A.
The file zfzd.dll is detected as Mal/EncPk-CE.
The file kavo0.dll is detected as Troj/Lineag-Gen
The following registry entry is created to run kavo.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
kava
<System>\kavo.exe