Troj/Agent-IOM

Aliases	Trojan.Win32.Agent.asjk Adware:Win32/AdRotator Trojan.Fakeavalert
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	9 January 2009 02:04:12 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Agent-IOM is a Trojan for the Windows platform.

Troj/Agent-IOM drops the following files:

<System>\<random letters>.dll (also detected as Troj/Agent-IOM)
<System>\<random letters>.exe (clean uninstall file)

Troj/Agent-IOM creates the following registry entries to run the DLL file on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<random letters>
<System>\regsvr32.exe /s "<System>\<random letters>.dll"

Troj/Agent-IOM also installs the DLL file as a Browser Helper Object by creating registry entries under the following locations:

HKCR\CLSID\{<Trojan clsid>}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{<Trojan clsid>}

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Agent-IOM

Summary

Action

More Information