Home / malware Trojan-Downloader:W32/Agent.HPS
First posted on 24 September 2008.
Source: SecurityHomeAliases :
There are no other names known for Trojan-Downloader:W32/Agent.HPS.
Explanation :
Trojan-downloaders attempt to download and install new malware, spyware, or adware on the targeted computer. No graphical user interface can be seen; it will run in the background.
right]This file will copy itself to:
- system32
s32net.exe
It creates a process as svchost.exe.
It sets a launch point with the following registry key:
- Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Value: rs32net
Data: system32
s32net.exe
Agent.HPS attempts to download files from these IP addresses:
- 91.203.92.7
- 208.66.195.16
- 208.66.195.71
- 208.66.195.232
- 208.66.195.240
- 216.195.55.50
- 216.195.56.22
- 209.66.122.238
Last update 24 September 2008