First posted on 13 June 2007.
Source: SecurityHome
Trojan-Dropper:W32/Agent.PR is also known as Trojan-Spy.Win32.Agent.pr.
Trojan-Dropper:W32/Agent.PR allows running files on the infected computer and creates files in the Windows directory.
On execution, this malware will drop the following files in the %system% folder:
- %system%\drivers\npf.sys - clean
- %system%\Packet.dll - clean
- %system%\WanPacket.dll - clean
- %system%\wpcap.dll - clean
- %system%\systemm.exe - malware
It will then execute the file SYSTEMM.EXE, which is already detected as Backdoor.Win32.Agent.alh.
**NOTE:** %system% is the c:\WINDOWS\System32 folder.
It will also create a batch file, $$a.bat, in the current directory for the sole purpose of deleting the malware dropper and the batch file itself.
Last update 13 June 2007