Troj/Agent-RDY

    Category: Viruses and SpywareProtection available since:14 Apr 2011 17:57:52 (GMT)
    Type: TrojanLast Updated:14 Apr 2011 17:57:52 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    Troj/Agent-RDY exhibits the following characteristics:

    File Information

    Size
    201K
    SHA-1
    4faa2fc090d088f3ca862286981a25f3cc8269cb
    MD5
    97b624253c97d07670b2ab349480e3ba
    CRC-32
    0d0f7ed2
    File type
    application/x-ms-dos-executable
    First seen
    2011-02-21

    Other vendor detection

    Avira
    TR/Dropper.Gen
    Kaspersky
    Backdoor.Win32.VB.lti

    Runtime Analysis

    Copies Itself To
    • c:\Documents and Settings\test user\Local Settings\Temp\dmiy.exe
    Dropped Files
    • C:\WINDOWS\system32\drivers\etc\hosts
    • C:\WINDOWS\system32\vs6vo.log
    • c:\Documents and Settings\test user\Local Settings\Temp\~DFD359.tmp
    Modified Files
    • %SYSTEM%\drivers\etc\hosts
    Registry Keys Created
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
      iktc
      C:\DOCUME~1\support\LOCALS~1\Temp\dmiy.exe
    Registry Keys Modified
    • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
      Start
      0x00000004
    Processes Created
    • c:\docume~1\support\locals~1\temp\dmiy.exe
    • c:\windows\system32\cmd.exe
    • c:\windows\system32\net.exe
    • c:\windows\system32\net1.exe
    • c:\windows\system32\sc.exe
    DNS Requests
    • down.installstorm.com

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection