Sophos

Troj/Agent-ZA

Aliases
  • TrojanDownloader.Win32.Agent.z
  • BackDoor-BDD
  • Win32/TrojanDownloader.Agent.NAB
  • TROJ_AGENT.Z3

Summary

Protection available since 23 June 2004 15:44:57 (GMT)
Detected by All Sophos products

More Information

Troj/Agent-ZA is a Trojan which runs in the background as a service process and attempts to allow unauthorised access to the computer.

The Trojan creates an entry in the registry at the following location to run itself on system restart:

HKLM\SYSTEM\ControlSet001\Services\__NS_Service\ImagePath

The Trojan creates the following registry entries:

HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE\0000\
Service= __NS_Service

HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE\0000\
DeviceDesc= Network Security Service

Troj/Agent-ZA also deletes the registry entry:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
AppInit_DLLs
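
A triage check for the registry changes listed above, as an added example that is not Sophos code: it parses the text format written by `reg export` and reports which of the indicators are present. The sample export, the placeholder ImagePath data and the matching of control sets other than ControlSet001 are assumptions; the page names only ControlSet001.

```python
import re

# Constructed `reg export` sample; the ImagePath data is a placeholder, not from the page.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service]
"ImagePath"="C:\\placeholder\\constructed.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE\0000]
"Service"="__NS_Service"
"DeviceDesc"="Network Security Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
'''

# Assumption: match any numbered control set and CurrentControlSet.
CS = r"hkey_local_machine\\system\\(?:controlset\d{3}|currentcontrolset)\\"
SERVICE_RE = re.compile(CS + r"services\\__ns_service$")
LEGACY_RE = re.compile(CS + r"enum\\root\\legacy___ns_service\\0000$")
WINDOWS_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"

def parse_reg_export(text):  # -> {key path: {value name: data}}, names lowercased
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                data = m.group(2)
                if len(data) >= 2 and data[0] == data[-1] == '"':
                    data = re.sub(r"\\(.)", r"\1", data[1:-1])  # unescape \\ and \"
                current[m.group(1).lower()] = data
    return keys

def find_indicators(keys):
    hits = []
    for path, values in keys.items():
        if SERVICE_RE.match(path) and "imagepath" in values:
            hits.append(("service_imagepath", values["imagepath"]))
        if LEGACY_RE.match(path):
            for name, want in (("service", "__NS_Service"), ("devicedesc", "Network Security Service")):
                if values.get(name, "").lower() == want.lower():
                    hits.append(("legacy_" + name, values[name]))
    # Supporting sign only, and only when the Windows key itself was exported.
    if "appinit_dlls" not in keys.get(WINDOWS_KEY, {"appinit_dlls": ""}):
        hits.append(("appinit_dlls_missing", WINDOWS_KEY))
    return hits
```

Feed it the text of an export taken from the suspect machine; a missing AppInit_DLLs value on its own is not proof of infection and should be read together with the service entries.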
