Troj/Agent-GWA

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	13 April 2008 15:40:24 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Agent-GWA is a Trojan for the Windows platform.

Troj/Agent-GWA includes functionality to download, install and run new software.

Troj/Agent-GWA attempts to download files to:

<Temp>\Plus.exe
<Temp>\flash.exe
<System>\doit.exe

When first run doit.exe creates the file <System>\native.exe which it adds to the following registry entry to run at startup:

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Agent-GWA

Summary

Action

More Information