Troj/Dloade-AAG

Aliases	Trojan-Downloader.Win32.Small.bye Download.Trojan Generic Downloader.u
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	8 December 2005 10:58:31 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Dloade-AAG is a Trojan for the Windows platform.

Troj/Dloade-AAG includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/Dloade-AAG attempts to download files from the predefined locations as the following:

<Windows>\degbes.exe
<Windows>\hosts
<Windows>\kl.exe
<Windows>\secure32.html
<System>\paytime.exe
<Windows>\tool1.exe
<Windows>\tool2.exe
<Windows>\tool3.exe
<Windows>\tool4.exe
<Windows>\tool5.exe
<Windows>\toolbar.exe
<Windows>\uniq

When Troj/Dloade-AAG is installed the following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\adv435 = "adv435"

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Dloade-AAG

Summary

Action

More Information