Troj/Agent-DP

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Agent-DP is a backdoor Trojan for the Windows platform that provides an unauthorized remote access to the infected computer.

Once executed Troj/Agent-DP copies itself to the Windows system folder with the filename agent.exe, and in order to be able to run automatically when Windows starts up sets the registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Backdoor.NuAgent
agent.exe

Troj/Agent-DP terminates processes related to the following applications:

alogserv.exe
APVXDWIN.EXE
ATUPDATER.EXE
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
Avconsol.exe
AVENGINE.EXE
AVPUPD.EXE
Avsynmgr.exe
AVWUPD32.EXE
AVXQUAR.EXE
AVXQUAR.EXE
blackd.exe
ccApp.exe
ccEvtMgr.exe
ccProxy.exe
ccPxySvc.exe
CFIAUDIT.EXE
DefWatch.exe
DRWEBUPW.EXE
ESCANH95.EXE
ESCANHNT.EXE
FIREWALL.EXE
FrameworkService.exe
ICSSUPPNT.EXE
ICSUPP95.EXE
LUALL.EXE
LUCOMS~1.EXE
mcagent.exe
mcshield.exe
MCUPDATE.EXE
mcvsescn.exe
mcvsrte.exe
mcvsshld.exe
N32SCANW.EXE
NAV.EXE
navapsvc.exe
navapsvc.exe
NAVAPSVC.EXE
navapsvc.exe
navapw32.exe
NAVAPW32.EXE
NAVLU32.EXE
NAVNT.EXE
NAVW32.EXE
NAVWNT.EXE
NISUM.EXE
NISUM.EXE
NMAIN.EXE
nopdb.exe
NORMIST.EXE
NPRO
NPROTECT.EXE
NUPGRADE.EXE
NUPGRADE.EXE
NUPGRADE.EXE
NVC95.EXE
OUTPOST.EXE
PavFires.exe
pavProxy.exe
pavsrv50.exe
Rtvscan.exe
RuLaunch.exe
SAVScan.exe
SHSTAT.EXE
SNDSrvc.exe
symlcsvc.exe
TASKMGR.EXE
TCA.EXE
TCM.EXE
TECT.EXE
UPDATE.EXE
UpdaterUI.exe
Vshwin32.exe
VsStat.exe
VsTskMgr.exe
ZONEALARM.EXE

Troj/Agent-DP modifies a Windows HOSTS file in attempt to prevent access to the following AV sites:

avp.com
ca.com
customer.symantec.com
dispatch.mcafee.com
download.mcafee.com
f-secure.com
kaspersky.com
liveupdate.symantec.com
liveupdate.symantecliveupdate.com
mast.mcafee.com
mcafee.com
my-etrust.com
nai.com
networkassociates.com
rads.mcafee.com
secure.nai.com
securityresponse.symantec.com
sophos.com
symantec.com
trendmicro.com
update.symantec.com
us.mcafee.com
viruslist.com
www.avp.com
www.ca.com
www.f-secure.com
www.kaspersky.com
www.mcafee.com
www.my-etrust.com
www.nai.com
www.networkassociates.com
www.pandasoftware.com
www.sophos.com
www.symantec.com
www.trendmicro.com
www.viruslist.com