Win32/Spy.Agent.OCV [Threat Name] go to Threat

Win32/Spy.Agent.OCV [Threat Variant Name]

Category trojan
Size 224411 B
Detection created Mar 11, 2013
Detection database version 8102
Aliases TrojanSpy:Win32/Hanove.F (Microsoft)
Short description

Win32/Spy.Agent.OCV is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan does not create any copies of itself.


The trojan creates the following files:

  • %temp%\­dllSp.lnk
  • %commonstartup%\­dllSp.lnk
  • %startup%\­dllSp.lnk

These are shortcuts to files of the trojan .


This causes the trojan to be executed on every system start.

Information stealing

The trojan is able to log keystrokes.


The collected information is stored in the following files:

  • %appdata%\­WinAPI\­preflog.ecf
  • %appdata%\­WinAPI\­preflog1.ecf

The trojan attempts to send gathered information to a remote machine.


The trojan contains a URL address. The HTTP protocol is used.

Please enable Javascript to ensure correct displaying of this content and refresh this page.