Troj/Agent-GNO

Aliases	Trojan-Downloader.Win32.Agent.hmm
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Included in our products from	March 2008 (4.27)
Protection available since	25 January 2008 13:34:05 (GMT)
Detected by	All Sophos products

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Agent-GNO is a Trojan for the Windows platform.

Troj/Agent-GNO changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page

The following registry entries are set, affecting internet security:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1804
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1804
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1200
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1608
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1804
1

The following registry entries are set, disabling system software:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
DisableRegistryTools
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
DisableTaskMgr
1

Registry entries are set as follows:

HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions
yes

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
EnableBalloonTips
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
EnableBalloonTips
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoControlPanel
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoWindowsUpdate
1

Registry entries are created under:

HKCR\.shtml

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Agent-GNO

Summary

Action

More Information