Trojan.Win32.Agent2

1. What is the Trojan.Win32.Agent2

Trojan.Win32.Agent2.crpo is a program that compromises system integrity by making changes to the system that allow it to be used for malicious purposes unknown to the computer user. Usually, Trojan.Win32.Agent2.crpo exploits vulnerabilities in installed software to obtain remote, unauthorized access to your computer. Trojan.Win32.Agent2.crpo is made by attackers to gain unauthorized access to your computer and control the PC without the user's knowledge.

2. Technical Details:

a. The following files were created in the system:

No.  Filename                                                    Size
1    %System%\[filename of the sample #1 without extension].dat  9 bytes
2    [file and pathname of the sample #1]                        109,222 bytes
3    %Windir%\Tasks\Acrobat Update.job                           274 bytes
  • Notes:
    • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

b. Memory Modifications

  • There was a new process created in the system:

Process Name                 Process Filename                      Allocated Size
[filename of the sample #1]  [file and pathname of the sample #1]  274,432 bytes
c. Other details

  • To mark its presence in the system, the following Mutex object was created:
    • GW54AVA7WAFPFSRR
  • The following host names were requested from a host database:
    • www.av-check.org
    • www.update-drivers.cc
    • www.mkrosoft.in
  • The following HTTP URLs were requested:
    • http://www.av-check.org/upd/check.php?ver=1&cver=0&id=20060
    • http://www.update-drivers.cc/upd/check.php?ver=1&cver=0&id=20060
    • http://www.mkrosoft.in/upd/check.php?ver=1&cver=0&id=20060
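As an added detection example (not part of the original page or of Ax3soft's product), the following Python scans HTTP proxy log lines for requests to the host names listed above, and also flags the same /upd/check.php?ver=..&cver=..&id=.. beacon pattern on hosts not in the list, which goes slightly beyond the page's fixed indicators. The log format and the sample log lines are constructed for this example.

```python
# Added example: flag Trojan.Win32.Agent2 check-in traffic in an HTTP proxy log.
# Not code from the original page or from Ax3soft; the log format and the
# sample lines below are constructed for this example.
import re
from urllib.parse import parse_qs, urlsplit

# Host names and beacon URL pattern taken from the "Other details" section above.
KNOWN_C2_HOSTS = {"www.av-check.org", "www.update-drivers.cc", "www.mkrosoft.in"}
BEACON_PATH = "/upd/check.php"
BEACON_PARAMS = {"ver", "cver", "id"}

# Constructed log format: "<timestamp> <client_ip> <method> <url> <status>"
LOG_LINE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def classify_url(url):
    """Return a reason string if url looks like an Agent2 check-in, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in KNOWN_C2_HOSTS:
        return "known C2 host " + host
    # Same path and parameter set on an unlisted host: probably a new domain
    # for the same family, so report it with a weaker verdict.
    if parts.path == BEACON_PATH and BEACON_PARAMS <= set(parse_qs(parts.query)):
        return "Agent2-style beacon to unlisted host " + host
    return None


def scan_log(lines):
    """Return a list of (client_ip, url, reason) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        _ts, client, _method, url, _status = m.groups()
        reason = classify_url(url)
        if reason:
            hits.append((client, url, reason))
    return hits


# Constructed sample log: two check-ins (one to an unlisted host) and two benign requests.
SAMPLE_LOG = [
    "2009-03-01T10:00:01Z 10.0.0.5 GET http://www.av-check.org/upd/check.php?ver=1&cver=0&id=20060 200",
    "2009-03-01T10:00:02Z 10.0.0.7 GET http://www.example.com/index.html 200",
    "2009-03-01T10:00:03Z 10.0.0.9 GET http://cdn.example.net/upd/check.php?ver=1&cver=0&id=20061 404",
    "2009-03-01T10:00:04Z 10.0.0.7 GET http://www.example.com/upd/check.php?ver=2 200",
]

if __name__ == "__main__":
    for client, url, reason in scan_log(SAMPLE_LOG):
        print(client, reason, url)
```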

3. How-to's

a. How to prevent Trojan.Win32.Agent2?

Keep the Sax2 policy knowledge base up to date. Once Ax3soft Sax2 detects the communication of these trojans, it will block it and help ensure your network and business security.

b. How to Remove Trojan.Win32.Agent2 Manually?

Step 1: Delete the Trojan.Win32.Agent2 files:
helper.exe

Step 2: Remove the registry entries associated with Trojan.Win32.Agent2.ekk:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKCR\CLSID\{684EE1DB-CD52-4ca9-9CCF-93D5F6B419BA}\InprocServer32\kmsvc32.dll
HKLM\SOFTWARE\Classes\CLSID\{684EE1DB-CD52-4ca9-9CCF-93D5F6B419BA}\InprocServer32\kmsvc32.dll

c. How to Remove these trojans Instantly?

Manual removal is a difficult process and is not recommended unless you are an expert in this field. Therefore, your best defense is to download and install a reliable anti-spyware program to scan your machine for spyware. To detect computer threats in the easiest and fastest way possible, we advise trying Malwarebytes' Anti-Malware, an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm to download Malwarebytes' Anti-Malware.

4. Appendix

For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm