Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 11 November 2004 22:29:33 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Agent-AU is a Trojan designed to disable firewall applications.
When first run, Troj/Agent-AU will copy itself to the Windows system folder and create the following registry entry to run the Trojan each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\spoolsvr32
Troj/Agent-AU will drop a DLL file named WINACPI.DLL and create various registry entries under the following:
HKCU\Software\mzs\csmss\mzu\
HKCR\*\shellex\ContextMenuHandlers\sysacpildap\
HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\
HKCR\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}\
HKCR\acpi.acpi.1\
HKCR\acpi.ext\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E2121EE-0300-11D4-8D3B-444553540000}
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
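The registry locations listed above can be checked offline against a text export of a suspect machine's registry. The following is an added example, not Sophos code: it scans `.reg` export text for those locations and separately returns the entries of the firewall AuthorizedApplications list, because that key also exists on clean systems and its contents need manual review. Assumptions: the export is already decoded to text, and the sample export with its `placeholder.exe` file name is constructed for illustration.

```python
import re

# Indicators from the description above, with hive names expanded to the form
# used in .reg exports. Registry paths are case-insensitive, so compare lowercased.
KEY_IOCS = [  # keys created by the Trojan: the key or any subkey is a hit
    r"HKEY_CURRENT_USER\Software\mzs\csmss\mzu",
    r"HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\sysacpildap",
    r"HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}",
    r"HKEY_CLASSES_ROOT\Interface\{5E2121ED-0300-11D4-8D3B-444553540000}",
    r"HKEY_CLASSES_ROOT\acpi.acpi.1",
    r"HKEY_CLASSES_ROOT\acpi.ext",
]
VALUE_IOCS = [  # (parent key that also exists on clean systems, value name)
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", "spoolsvr32"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved", "{5E2121EE-0300-11D4-8D3B-444553540000}"),
]
# Legitimate Windows Firewall key: its entries are returned for manual review.
FW_LIST = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
           r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spoolsvr32"="C:\\WINDOWS\\system32\\placeholder.exe"
[HKEY_CLASSES_ROOT\acpi.ext\CLSID]
@="{5E2121EE-0300-11D4-8D3B-444553540000}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\placeholder.exe"="C:\\WINDOWS\\system32\\placeholder.exe:*:Enabled:placeholder"
'''  # constructed export for illustration, not data from a real infection

def scan_reg_export(text):
    """Return (sorted indicator hits, firewall allow-list entry names)."""
    hits, fw_entries, key = set(), [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            hits.update(k for k in KEY_IOCS
                        if key == k.lower() or key.startswith(k.lower() + "\\"))
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if not m:
            continue
        name = m.group(1).replace("\\\\", "\\")  # undo .reg backslash escaping
        hits.update(p + "\\" + v for p, v in VALUE_IOCS
                    if key == p.lower() and name.lower() == v.lower())
        if key == FW_LIST.lower():
            fw_entries.append(name)
    return sorted(hits), fw_entries

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE))
```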
Troj/Agent-AU will attempt to disable the following applications:
Agnitum Outpost Firewall
Kaspersky Anti-Hacker
Kerio Personal Firewall 4
McAfee Personal Firewall
Norton Internet Security Professional
Tiny Firewall Pro
Zone Labs ZoneAlarm
The Trojan will attempt to report successful infection of a computer by connecting to a specific website.

