Here you go, remove the following (you have a trojan horse):
Troj/Agent-DLW Trojan
Summary
Name: Troj/Agent-DLW
Type: Trojan
Affected operating systems: Windows
Side effects:
- Downloads code from the internet
- Installs itself in the Registry
- Leaves non-infected files on computer
Aliases: Trojan.Win32.Agent.zl
Protection available since: 12 October 2006 08:21:51 (GMT)
Detected by: All versions of Sophos Anti-Virus
Included in our products from: November 2006 (4.11)
Description
This section helps you to understand how it behaves.
Troj/Agent-DLW is a Trojan for the Windows platform.
Recovery
This section tells you how to remove the threat.
Please follow the instructions for removing Trojans.
Advanced
This section is for technical experts who want to know more.
Troj/Agent-DLW is a Trojan for the Windows platform.
When run, Troj/Agent-DLW creates the following files:
<Temp>\iedw.dll
<Temp>\server.exe
<Program Files>\Internet Explorer\hmmapi.exe
<Program Files>\Internet Explorer\iedw.exe
<Program Files>\Internet Explorer\iedw.dll
<Program Files>\Windows Media Player\iedw.exe
<Program Files>\Windows Media Player\setup_wm.dll
These files are detected as Troj/Agent-DLW.
<Temp>\KooWoLyricBind_hy_lyric_025.exe
<Temp>\UserID.txt
<Users>\Application Data\Adobe\UserID.txt
<Program Files>\Internet Explorer\Setup.inf
<System>\HTTPDll.dll
<System>\lrcsys.exe
<System>\Plugin.ini
<System>\YHBO.dll
<Application Data>\Microsoft\Internet Explorer\Quick Launch\<random characters>Internet Explorer<random characters>.lnk
These files can be safely deleted.
Troj/Agent-DLW includes functionality to:
- download code from the internet
- inject code into system processes
Registry entries are created under:
HKCR\AppID\BHO.DLL
HKCR\AppID\HTTPDll.DLL
HKCR\AppID\(51450752-E1D1-4DCA-804A-636000845064)
HKCR\AppID\(E00EDD4C-4879-42C6-BE02-A563421D0175)
HKCR\BHO.BHOImp.1
HKCR\BHO.BHOImp
HKCR\CLSID\(5CAC4E80-A015-41C8-8796-047BE272AC04)
HKCR\CLSID\(70AFF2CB-9DA2-499C-8D15-900729FCE83D)
HKCR\HTTPDll.HttpReqeust.1
HKCR\HTTPDll.HttpReqeust
HKCR\Interface\(030DAC98-434F-4802-BECD-96CA7B09271E)
HKCR\Interface\(33EC91FB-CAA5-4EAA-905B-E485D4D37694)
HKCR\TypeLib\(4A318EAA-90C7-408B-AD6A-04AA49CEE043)
HKCR\TypeLib\(C03A8B3C-7959-447C-A6C3-351660B23BF0)
HKLM\SOFTWARE\KooWo
https://www.sophos.com/security/anal...jagentdlw.html