Trojan.Downloader.Agent.awf
First posted on 21 November 2011.
Source: BitDefender
Aliases:
Trojan.Downloader.Agent.awf is also known as Backdoor:Win32/Zonebac.B (OneCare).
Explanation:
The trojan launches "iexplore.exe" with a parameter consisting of the following URLs:
http://209.167.111.110/[removed]/200948704/477/0/31/0[removed]12260025[varible].html
http://222.133.3.210/[removed]/200948704/477/0/31/0[removed]12260025[varible].html
It tries to stop known security-related processes:
isafe.exe, ca.exe, caissdt.exe, cavrid.exe, cavtray.exe, avp.exe, apvxdwin.exe, avciman.exe, avengine.exe, pavfnsvr.exe, pavprsrv.exe, pavsrv51.exe, pnmsrv.exe, psimsvc.exe, pskmssvc.exe, srvload.exe, tpsrv.exe, webproxy.exe, vir.exe, sdhelp.exe, swdoctor.exe, mxtask.exe, wmiprvse.exe, hsockpe.exe, dpasnt.exe, kav.exe, kavpf.exe, tsantispy.exe, fsm32.exe, fspex.exe, fsaw.exe, fsguidll.exe, msascui.exe.
Last update 21 November 2011