Troj/Agent-EY

Aliases	Trojan-Spy.Win32.Agent.dg
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	7 November 2005 11:47:14 (GMT)
Last updated	25 November 2005 13:35:31 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Agent-EY is a downloader and information stealer Trojan for the Windows platform.

The Trojan will copy itself to the Windows system folder as "perfmnt.exe" .

The Trojan creates the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
Debugger
<path of Trojan EXE>

Troj/Agent-EY uses Internet Explorer to open a predefined URL without the user's knowledge, and download a file as "update.php" to the Temporary Internet Files folder.

The Trojan collects certain information and submits it to a predefined URL.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Agent-EY

Summary

Action

More Information