Win32/Agent.PWG [Threat Name] go to Threat

Win32/Agent.PWG [Threat Variant Name]

Category trojan
Size 12800 B
Detection created Jul 23, 2009
Detection database version 10662
Aliases VirTool:Win32/Obfuscator.UO (Microsoft)
Short description

The trojan has a simple payload. The trojan is usually a part of other malware.

Installation

The trojan does not create any copies of itself.

Other information

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Windows NT\­CurrentVersion\­Windows]
    • "AppInit_DLLs" = "%originalvalue%, %variable%"

This way the trojan ensures that the libraries with the following names will be injected into all running processes:

  • %variable%

A string loaded from %allusersprofile%\desktop.ini is used instead of %variable% .


The trojan quits immediately if the executable file path contains one of the following strings:

  • explorer.exe
  • logonui.exe
  • lsass.exe
  • st.exe
  • system32
  • taskeng.exe
  • windows
  • winlogon.exe

Please enable Javascript to ensure correct displaying of this content and refresh this page.