SecurityHome.eu Trojan-Downloader:W32/Agent.BOY

Home / malware PDF

Trojan-Downloader:W32/Agent.BOY

First posted on 20 June 2007.
Source: SecurityHome
Aliases :
Trojan-Downloader:W32/Agent.BOY is also known as Trojan-Downloader.Win32.Agent.boy.
Explanation :
Trojan-Downloader:W32/Agent.BOY attempts to download and install other malware onto the affected system.

Once Trojan-Downloader:W32/Agent.BOY has been executed, it drops the following driver components:

%sysdir%driversip6fw.sys - detected as Rootkit.Win32.Agent.dp
%sysdir%drivers
untime.sys - detected as Rootkit.Win32.Agent.dw

Furthermore, it launches an instance of Microsoft Internet Explorer as a hidden process with its code injected to this process.

It then attempts to connect to the following addresses to download other malicious programs:

66.246.252.213
67.18.114.98
208.66.194.241

The downloaded files are saved as:

%sysdir%[random characters]9_exception.nls
%temp%ldrnt.bin

Last update 20 June 2007

TOP

Trojan-Downloader:W32/Agent.BOY

Aliases :

Explanation :

Malware :

Family: