high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | February 2006 (4.02) |
| Protection available since | 26 December 2005 14:39:37 (GMT) |
| Last updated | 4 January 2006 13:51:39 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Agent-IF is a Trojan for the Windows platform.
Troj/Agent-IF is capable of spying on a user's browsing habits, modifying Microsoft Internet Explorer settings, downloading further executables and displaying popup advertisements.
When Troj/Agent-IF is installed the following files are created:
<Temp>\wmpl.exe
<System>\gtrack.dll
<System>\kaboom.dll
The files gtrack.dll and kaboom.dll are registered as COM objects and Browser Helper Objects (BHOs) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\(4BC9A7AC-2329-49D0-B07F-5FE484029DC2)
HKCR\CLSID\(A853979C-2A9A-4ACB-8975-5740A7E26CB4)
HKCR\Interface\(BAA919E5-FD47-4D7E-95AB-5B2CDA493358)
HKCR\Interface\(D861BD5E-E1E7-4E5E-AB15-CB347FBDBC6D)
HKCR\Kaboom.IEagent\
HKCR\Kaboom.IEagent.1\
HKCR\TypeLib\(023E6659-1A0A-4724-9273-66EA06A82C98)
HKCR\TypeLib\(E0C0FC76-CC5E-46E2-B77A-4C2ADD965B9F)
HKCR\Watcher.GoogleTracker\
HKCR\Watcher.GoogleTracker.1\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(4BC9A7AC-2329-49D0-B07F-5FE484029DC2)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(A853979C-2A9A-4ACB-8975-5740A7E26CB4)
Registry entries are created under:
HKLM\SOFTWARE\Microsoft\SUW\
|
