Troj/Agent-ACR

Category: Viruses and Spyware
Type: Trojan
Protection available since: 04 Feb 2006 00:00:00 (GMT)
Last Updated: 04 Feb 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-ACR is a Trojan for the Windows platform.

Troj/Agent-ACR includes functionality to communicate with a remote server and to silently download, install and run new software, including updates.

When first run, Troj/Agent-ACR moves itself to the Windows system32 folder with a pre-configured filename and creates a file named <System>\helper<preconfigured filename>.exe. Known configurations of Troj/Agent-ACR use the following filenames:

<System>\1sass.exe
<System>\helper1sass.exe
<System>\a1g.exe
<System>\helpera1g.exe
<System>\mlr66.exe
<System>\helpermlr66.exe
<System>\msvcav.exe
<System>\helpermsvcav.exe

Troj/Agent-ACR creates the following registry entry to run itself on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<variable>
<preconfigured filename>.exe

Known configurations of Troj/Agent-ACR create registry entries as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
a1g
a1g.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
m66
mlr66.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msvcav
msvcav.exe

The following registry entry is created:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\
AltClientId
<variable number>
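
The following triage sketch is an added example, not part of the original description or any vendor tool. It flags HKLM Run values that launch one of the known filenames above and, as a generalization of the naming scheme, any Run target whose name also appears with a "helper" prefix in the system folder. The function names, reason labels and sample data are assumptions constructed for illustration; on a real host the inputs would come from a directory listing of the system folder and an export of the Run key.

```python
import ntpath

# Base names taken from the known configurations listed on this page.
KNOWN_BASES = {"1sass", "a1g", "mlr66", "msvcav"}

def helper_pairs(system_files):
    """Base names X where both X.exe and helperX.exe exist in <System>."""
    names = {f.lower() for f in system_files}
    return {n[6:-4] for n in names
            if n.startswith("helper") and n.endswith(".exe") and n[6:] in names}

def run_target(data):
    """Executable file name a Run value launches (quoted or bare, with args)."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]
    else:
        path = data.split(None, 1)[0] if data else ""
    return ntpath.basename(path).lower()

def triage(system_files, run_values):
    """Return (value name, executable, reason) for suspicious Run entries."""
    pairs = helper_pairs(system_files)
    findings = []
    for name, data in run_values.items():
        exe = run_target(data)
        base = exe[:-4] if exe.endswith(".exe") else exe
        if base in KNOWN_BASES:
            findings.append((name, exe, "known filename"))
        elif base in pairs:  # generalization: unlisted name, same naming scheme
            findings.append((name, exe, "helper pair"))
    return findings

# Constructed sample data: a <System> directory listing and HKLM Run values.
SAMPLE_FILES = ["cmd.exe", "mlr66.exe", "helpermlr66.exe",
                "zq9.exe", "helperzq9.exe", "helper.exe"]
SAMPLE_RUN = {
    "m66": "mlr66.exe",
    "Updater": r'"C:\Program Files\App\app.exe" /min',
    "zq": r"C:\WINDOWS\system32\zq9.exe",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_RUN):
        print(finding)
```

A "helper pair" hit is only a heuristic and needs manual confirmation, since unrelated software can ship a similarly named companion executable.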