Win32 Agent is a spy Trojan that remains hidden from the user and downloads malware to the infected computer system leading to frequent system crash and slow performance of the system.
Description
Win32 Agent is a Trojan that copies itself on several locations on the hard drive of a computer system. It writes the executable files in system32 directory of windows, in the temporary directory, creates new entries, and modifies the existing entries in the system registry, allowing it to run at every startup.
Risk Assessment
Home Users – LOW
Corporate Users – LOW
Trojan Characteristics
Filename: unknown
Type: Trojan
Detection: Spy-Agent
Length: 180 Kb
Common Detection Names
Microsoft worm:win32/swimnag.gen
Kaspersky/vba32 Trojan.Win32
AVG (GriSoft)/Symantec Trojan horse
Panda Trj/CI.A
Eset Win32/Agent
Activity
Win32 Agent enumerates the list of the open window and running processes on the computer system and shares the memory of these processes to run its own code. In this manner, it remains hidden from the user.
How it Works
Since, Trojans attempt to execute themselves in the background, they doesn’t require user intervention. As a result, they remain hidden from the user, unless detected by an antivirus, a Trojan remover or a malware remover. Win32 Agent works by copying several files in the windows\system32 directory and in the temp directory. It then creates a new registry entry in the system registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\winlogon\notify\dddcaabddebacd\ and adds a number of new values corresponding to this new entry like, logoff, logon, startup, shutdown and many other values.
It also modifies the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\winlogon entry present in the system registry with a new value.
Removal Instructions
Like other Trojans, Win32 Agent also makes changes to the system registry. Therefore, it is necessary to use software that deletes the new entries created by the Trojan and changes the modified registry values to their original value. I recommend using Trojan Remover as I have myself tested the software. Download Trojan Remover and update it first. Then, perform a quick scan of the computer system followed by a complete scan of the hard drive to remove any traces of the Win32 Agent Trojan left in the system.
As a safety measure, download and install SpyBot to remove any spyware or adware present in your computer system. You can also use McAfee to remove such Trojans, as it is capable of effectively remove such Trojans and also revert back the changes made in the system registry.