Home / malware Trojan-Dropper:W32/Agent.FLN
First posted on 12 December 2008.
Source: SecurityHomeAliases :
There are no other names known for Trojan-Dropper:W32/Agent.FLN.
Explanation :
This type of trojan contains one or more malicious programs, which it secretly installs and executes.
right]This trojan-dropper masquerades as a Homeview installer. In reality, its main purpose is to install Trojan:W32/DNSChanger.ARNF onto the system.
Execution
Upon execution, it will display the following fake screens, to mimic the legitimate installation sequence for Homeview:
Installation
While the fake installation screens are distracting user, the malware creates and executes this file:
- %temp%jah339312.exe
This file is detected as Trojan:W32/DNSChanger.ARNF.
If the fake Homeview installation sequence is completed, a new folder named %Program Files%homeview is created and this file is added to it:
- %Program Files%homeviewUninstall.exe
This uninstaller is capable of removing the Homeview-related registry entries and deleting itself and its folder. It is however incapable of removing Trojan:W32/DNSChanger.ARNF, or the changes that malware makes to the system.Last update 12 December 2008
