Added Date: 2008-11-01 | Editor: Jack | About: Trojan, Spy-Agent.bw
Spy-Agent.bw
Aliases: Troj/Bancos-BDR [Sophos], Infostealer.Monstres [Symantec]
Type: Trojan
Systems Affected: Windows 98, Windows 2000, Windows 2003, Windows XP, Windows Vista
Overview: Spy-Agent.bw may steal sensitive information from a computer infected with this trojan. Recently, a variant of this trojan was found stealing data from recruitment websites when the user is infected.
Variant & symptoms:
1. Automatically sends e-mail with the subject 'Your Flight Ticket N0165906'.
2. Automatically creates the folder and file: [system driver]\windows\system32\ntos.exe
3. Automatically creates the folder and files:
[system driver]\windows\system32\wsnpoem\
[system driver]\windows\system32\wsnpoem\audio.dll
[system driver]\windows\system32\wsnpoem\video.dll
Related trojans: Agent Trojan, Tiny Spy Agent, TrojanSpy.Win32.Agent, Pc agent
Remove Spy-Agent.bw:
1. Click Start > Run, type "regedit", and click OK.
2. Navigate to and delete the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\"UID" = [COMPUTERNAME]_[UNIQUE_ID]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"pathx" = [MALWARE_ORIGINAL_FILENAME]
3. Restore the following registry entry to its original value (the value shown includes the trojan's ntos.exe):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%SYSTEM%\userinit.exe, %System%\ntos.exe"
4. Close Registry Editor.
5. You can also use antivirus software to remove the trojan quickly:
Norton Internet Security 2009
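The file and registry indicators listed above can be checked read-only before and after cleanup. The script below is an added example, not part of the original entry; the function names, the snapshot layout and the sample values are constructed for illustration.

```python
import ntpath

# Indicators taken from the entry above; file paths are relative to the Windows directory.
IOC_FILES = [r"system32\ntos.exe", r"system32\wsnpoem\audio.dll",
             r"system32\wsnpoem\video.dll"]
NT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
IOC_VALUES = [(NT_KEY + r"\Network", "UID"), (NT_KEY + r"\Winlogon", "pathx")]
USERINIT = (NT_KEY + r"\Winlogon", "Userinit")

def extra_userinit_entries(value):
    """Return the comma-separated Userinit entries that are not userinit.exe."""
    # Compares file names only; a userinit.exe outside system32 is not flagged.
    entries = [e.strip().strip('"') for e in value.split(",")]
    return [e for e in entries if e and ntpath.basename(e).lower() != "userinit.exe"]

def check_host(files, registry):
    """files: set of lower-case paths relative to the Windows directory.
    registry: dict mapping (HKLM key, value name) -> data."""
    findings = [("file", p) for p in IOC_FILES if p in files]
    findings += [("registry", k + "\\" + n) for k, n in IOC_VALUES if (k, n) in registry]
    findings += [("userinit", e) for e in extra_userinit_entries(registry.get(USERINIT, ""))]
    return findings

def collect_live():
    """Read the same data from the running Windows host without changing it."""
    import os, winreg
    windir = os.environ["SystemRoot"]
    files = {p for p in IOC_FILES if os.path.exists(os.path.join(windir, p))}
    registry = {}
    for key, name in IOC_VALUES + [USERINIT]:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                registry[(key, name)] = winreg.QueryValueEx(k, name)[0]
        except OSError:
            pass  # key or value not present
    return files, registry

# Constructed sample snapshot of a partially cleaned host (not real data).
SAMPLE_FILES = {r"system32\ntos.exe", r"system32\wsnpoem\audio.dll"}
SAMPLE_REG = {
    USERINIT: r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe",
    (NT_KEY + r"\Network", "UID"): "WORKSTATION1_0001A2B3",
}

if __name__ == "__main__":
    import sys
    live = sys.platform == "win32"
    files, reg = collect_live() if live else (SAMPLE_FILES, SAMPLE_REG)
    for kind, detail in check_host(files, reg):
        print(kind, detail)
```

An empty result after the removal steps means none of the listed files, registry values or extra Userinit entries remain.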