Troj/Agent-HCG

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	13 June 2008 14:25:02 (GMT)
Last updated	17 June 2008 12:48:39 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Agent-HCG is a Trojan for the Windows platform.

When Troj/Agent-HCG is installed it creates a randomly named dll file in the <System> folder, for example:

<System>\jkkJdAqR.dll

The following registry entries are created to run code in the dropped dll:

HKCR\CLSID\{FAAF4503-E52D-4B3B-9B12-D408F13AD817}
InprocServer32
<System>\jkkJdAqR.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{FAAF4503-E52D-4B3B-9B12-D408F13AD817}

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<random_filename>
DllName
<System>\jkkJdAqR.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<random_filename>
Impersonate
0

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Agent-HCG

Summary

Action

More Information