high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 4 February 2006 18:24:54 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Agent-ACR is a Trojan for the Windows platform.
Troj/Agent-ACR includes functionality to communicate with a remote server and to silently download, install and run new software, including updates.
When first run Troj/Agent-ACR moves itself to the Windows system32 folder with a pre-configured filename and creates a file named <System>\helper<preconfigured filename>.exe. Known configurations of Troj/Agent-ACR use the following filenames:
<System>\1sass.exe
<System>\helper1sass.exe
<System>\a1g.exe
<System>\helpera1g.exe
<System>\mlr66.exe
<System>\helpermlr66.exe
<System>\msvcav.exe
<System>\helpermsvcav.exe
Troj/Agent-ACR creates the following registry entry run itself on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<variable>
<preconfigured filename>.exe
Known configurations of Troj/Agent-ACR create registry entries as follows:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
a1g
a1g.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
m66
mlr66.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msvcav
msvcav.exe
The following registry entry is created:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\
AltClientId
<variable number>
|
