"Agent Trojan" the newest member of the family TrojanSpy.Agent.dny "Agent Trojan" variant dny, using "Microsoft Visual C + + 6.0" to write.
"Agent Trojan" variant dny running, will be "% SystemRoot% system32" under the input method manager "CTFMON.EXE" move to "% SystemRoot% system32Com" directory, renamed "ie.exe".
Then "Agent Trojan" self-replicating variant dny to "% SystemRoot% system32" directory, renamed "CTFMON.EXE", disguised as the input method manager to confuse users.Meanwhile, the "Agent Trojan" variant dny in the "C:" directory of the release of Trojan horse "iexpe.exe".
"Agent Trojan" variant dny will traverse the background of the infected computer running the current system all the processes, once the process that there is some security software will try to end, so as to achieve the purpose of self-protection.Modify the registry key specified by the way turn off some security software monitoring capabilities, thereby increasing their chance of survival.
"Agent Trojan" is a variant of a Trojan downloader dny, in the background of the infected computer system connecting the remote server specified by the hacker site "http://2009.zhaoy ** 8.com/1000 /", reads the configuration file, and follow the information from the upgrade and download and run other malicious programs and other operations.
The malware may be downloaded Trojan for online games, remote control door or malicious adware program (rogue software), resulting in the infected computer users face different degrees of risk.