Troj/Agent-HFD

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Characteristics	Drops more malware
Protection available since	9 July 2008 19:49:36 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Agent-HFD is a Trojan for the Windows platform.

Troj/Agent-HFD includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/Agent-HFD is installed it creates the file <System>\univrs32.dat.

The file univrs32.dat is detected as Troj/Agent-GPD.

Troj/Agent-HFD changes settings for Microsoft Internet Explorer, including search settings, by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\

The following registry entries are set, affecting internet security:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1208
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
2500
3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1804
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1804
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1200
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1201
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1608
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1804
1

The following registry entry is set:

HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions
yes

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Agent-HFD

Summary

Action

More Information