Win32/TrojanDownloader.Agent.PUD
Short description
Win32/TrojanDownloader.Agent.PUD is a trojan which tries to propagate certain web sites.
Installation
When executed, the trojan copies itself into the following location:
- %system%\nt32inf12.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nt32inf12.exe" = "%system%\nt32inf12.exe"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"*" = "*nt32.exe*"
- netsh.exe firewall set allowedprogram %system%\nt32inf12.exe ENABLE
Executable file infection
Win32/TrojanDownloader.Agent.PUD may infect executable files. The trojan infects the files by inserting its code at the beginning of the original program.
The trojan infects the files with program code that is downloaded from the Internet.
It infects the following files:
- *.exe
Other information
The trojan acquires data and commands from a remote computer or the Internet. The trojan can download and execute a file from the Internet. The trojan contains a list of (1) URLs. The HTTP protocol is used.
The trojan may create the following files:
- %system%\printsys%variable1%.exe
- %system%\explorer32%variable1%.exe
- %system%\nt32%variable1%.exe
- %system%\nt32in%variable1%.exe
- %system%\tdmic%variable2%.dll
- %system%\tdmic%variable2%.exe
- %temp%\chiconunc.htm
- %temp%\chiconcom.htm
- %temp%\explorer32unc.htm
- %temp%\explorer32com.htm
- %temp%\nt32unc.htm
- %temp%\nt32com.htm
- %temp%\pigeonverunc.htm
- %temp%\pigeonvercom.htm
- %temp%\pigeonver.htm
- %temp%\nt32infunc.htm
- %temp%\nt32infcom.htm
- %temp%\tdmicdllunc.htm
- %temp%\tdmicdllcom.htm
- %temp%\tdmicunc.htm
- %temp%\tdmiccom.htm
- %temp%\instrcom.htm
The trojan may execute the following commands:
- regsvr32.exe /s %system%\tdmic%variable2%.dll
