Win32/Agent.OJO [Threat Name]

Win32/Agent.OJO [Threat Variant Name]

Category trojan, virus
Size 16384 B
Detection created Nov 03, 2008
Detection database version 3578
Aliases Backdoor.Win32.Agent.tig (Kaspersky)
  BackDoor.Agent.ABZI (AVG)
  Win32:Delicium (Avast)

Short description

Win32/Agent.OJO is a trojan which deletes files with specific file extensions. The file is run-time compressed using UPX.

Installation

The trojan is usually a part of other malware.


The trojan does not create any copies of itself.

Payload information

Win32/Agent.OJO is a trojan which deletes files with specific file extensions.


The trojan searches local drives for files matching the following pattern:

  • *.*

The trojan deletes files with the following extensions:

  • .3ds
  • .rar
  • .zip
  • .cad
  • .gif
  • .psd
  • .pdf
  • .java
  • .jsp
  • .aspx
  • .asp
  • .css
  • .jar
  • .vb
  • .3gp
  • .mpg
  • .avi
  • .ppt
  • .APP
  • .fla
  • .as
  • .sis
  • .mp3
  • .wmv
  • .frm
  • .jpg
  • .doc
  • .mdb
  • .xls

Other information

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • ".Net Recovery" = "rundll32.exe dotnetfx.dll,repair"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
    • "(Default)" = "%variable%"

A string with variable content is used instead of %variable%.
