Win32/Agent.ZXC [Threat Name] go to Threat

Win32/Agent.ZXC [Threat Variant Name]

Category trojan
Size 18944 B
Detection created Aug 27, 2018
Detection database version 17954
Aliases Trojan.Win32.Cossta.ndw (Kasperski)
  Trojan.DownLoad2.45157 (Dr.Web)
Short description

Win32/Agent.ZXC is a trojan that can interfere with the operation of certain applications. The trojan blocks calls to certain numbers.

Installation

When executed, the trojan copies itself into the following location:

  • %startup%\­%variable%.exe

A string with variable content is used instead of %variable% .


This causes the trojan to be executed on every system start.

Other information

Win32/Agent.ZXC is a trojan that can interfere with the operation of certain applications.


The trojan blocks calls to certain numbers.


The following services are disabled:

  • RasMan
  • TapiSrv

The following files are deleted:

  • %commonappdata%\­Microsoft\­Network\­Connections\­Pbk\­*.pbk

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SYSTEM\­CurrentControlSet\­Services\­RasMan]
    • "ImagePath" = %hexvalue1%
  • [HKEY_LOCAL_MACHINE\­SYSTEM\­ControlSet001\­Services\­RasMan]
    • "ImagePath" = %hexvalue2%
  • [HKEY_LOCAL_MACHINE\­SYSTEM\­ControlSet002\­Services\­RasMan]
    • "ImagePath" = %hexvalue3%
  • [HKEY_LOCAL_MACHINE\­SYSTEM\­CurrentControlSet\­Services\­TapiSrv]
    • "ImagePath" = %hexvalue4%
  • [HKEY_LOCAL_MACHINE\­SYSTEM\­ControlSet001\­Services\­TapiSrv]
    • "ImagePath" = %hexvalue5%
  • [HKEY_LOCAL_MACHINE\­SYSTEM\­ControlSet002\­Services\­TapiSrv]
    • "ImagePath" = %hexvalue6%

Please enable Javascript to ensure correct displaying of this content and refresh this page.