Win32/Agent.OWD [Threat Name] go to Threat

Win32/Agent.OWD [Threat Variant Name]

Category trojan
Size 30208 B
Detection created Feb 12, 2009
Detection database version 3849
Aliases Trojan.Win32.Zapchast.pbs (Kaspersky)
  VirTool:Win32/BeeInject (Microsoft)
Short description

The trojan serves as a backdoor. It can be controlled remotely. The trojan is usually a part of other malware.

Installation

When executed, the trojan creates the following files:

  • %temp%\­googlesetup.dll (25600 B)
  • %commonstartmenu%\­googleservice.exe (4096 B)
  • %commonappdata%\­google\­googleservice.dll (17408 B)

The trojan may create the following files:

  • %startmenu%\­googleservice.exe (4096 B)
  • %appdata%\­google\­googleservice.dll (17408 B)
  • C:\­Program Files\­Internet Explorer\­file.dat

The trojan can create and run a new thread with its own program code within the following processes:

  • explorer.exe

The trojan launches the following processes:

  • C:\­Program Files\­Internet Explorer\­iexplore.exe

The trojan creates and runs a new thread with its own code within these running processes.

Information stealing

The trojan collects the following information:

  • computer name
  • list of running processes

The trojan can send the information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains an URL address. The HTTP protocol is used in the communication.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • remove itself from the infected computer
  • terminate running processes

Please enable Javascript to ensure correct displaying of this content and refresh this page.