Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | March 2005 (3.91) |
| Protection available since | 6 February 2005 22:42:32 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
hiden
hiden.exe
and delete it if it exists.
Close the registry editor.
More Information
Troj/Agent-IW is a downloading Trojan.
The Trojan attempts to connect to the website dappc.com in order to download a file containing instructions about the URLs to visit and files to download and run. If the connection is successful, the file is saved as param.txt in the Windows system folder.
Troj/Agent-IW may be uploaded by the Trojan writer onto a website. A web page may contain an exploit that attempts to drop and run the Trojan executable.
In order to run automatically when Windows starts up, the Trojan copies itself to the file hiden.exe in the Windows system folder.
Troj/Agent-IW adds the following registry entry so that the Trojan file is run every time the user logs on to the computer:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
hiden
hiden.exe
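
A read-only check for the registry entry and files described above, as an added PowerShell example that is not part of the original Sophos write-up. Checking the 32-bit redirected locations (Wow6432Node and SysWOW64) is an assumption for 64-bit Windows that the page does not mention.

```powershell
# Added example: read-only check for the Troj/Agent-IW indicators named on this page.
# Nothing is modified or deleted.
$valueName = 'hiden'                      # Run value name from the page
$fileNames = 'hiden.exe', 'param.txt'     # files the page places in the Windows system folder

# Native locations from the page, plus the locations a 32-bit process is
# redirected to on 64-bit Windows (assumption: not mentioned on the page).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$sysDirs = [Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')

$findings = @()

# 1. Autostart entry: a value named 'hiden' under the Run key.
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties[$valueName]) {
        $findings += New-Object psobject -Property @{
            Indicator = "Run value '$valueName'"
            Location  = $key
            Detail    = $props.$valueName
        }
    }
}

# 2. Dropped copy (hiden.exe) and downloaded instruction file (param.txt).
foreach ($dir in $sysDirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force   # -Force: include hidden files
            $findings += New-Object psobject -Property @{
                Indicator = "File $name"
                Location  = $path
                Detail    = "$($item.Length) bytes, modified $($item.LastWriteTime)"
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'No Troj/Agent-IW indicators from this page were found.'
} else {
    $findings | Select-Object Indicator, Location, Detail | Format-Table -AutoSize -Wrap
}
```

param.txt is a generic file name, so a hit on it alone is a weak signal; the Run value together with hiden.exe is the combination the page describes.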
