high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 22 June 2007 10:45:59 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Agent-FWO is a Trojan for the Windows platform.
When run Troj/Agent-FWO starts and run a Flash animation clip. At the same time, Troj/Agent-FWO also creates the file <Temp>\ixp000.tmp\fs.exe and run it. This is a Shockwave Animation file and can be safely removed.
Troj/Agent-FWO may drop any of the following files:
<System>\nvfw96 - can be safely removed
<System>\nvfw96.exe - also detected as Troj/Agent-FWO
<System>\div52x - can be safely removed
<System>\div52.exe - also detected as Troj/Agent-FWO
Troj/Agent-FWO includes functionality to:
- contact a remote website and send information
- inject code into system processes
The following registry entries are created to run Troj/Agent-FWO on startup:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
(076200C7-8302-FDAA-0404-070602000300)
StubPath
<System>\nvfw96.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
(1871276A-3AE9-E43D-0400-000505000107)
StubPath
<System>\div52x.exe
Registry entries may also be created under:
HKCR\http\shell\open\command\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
|
