What is Win32 Agent?

Article by sategroup (8,060 pts), published Sep 8, 2009

Win32 Agent is a spy Trojan that remains hidden from the user and downloads malware to the infected computer system, leading to frequent system crashes and slow system performance.

Description


Win32 Agent is a Trojan that copies itself to several locations on the hard drive of a computer system. It writes executable files to the Windows system32 directory and to the temporary directory, creates new entries in the system registry, and modifies existing entries there, allowing it to run at every startup.

Risk Assessment

Home Users – LOW

Corporate Users – LOW

Trojan Characteristics

Filename: unknown

Type: Trojan

Detection: Spy-Agent

Length: 180 Kb

Common Detection Names

Microsoft: worm:win32/swimnag.gen

Kaspersky/vba32: Trojan.Win32

AVG (GriSoft)/Symantec: Trojan horse

Panda: Trj/CI.A

Eset: Win32/Agent

Activity

Win32 Agent enumerates the open windows and running processes on the computer system and shares the memory of these processes to run its own code. In this manner, it remains hidden from the user.

How it Works

Since Trojans attempt to execute themselves in the background, they don't require user intervention. As a result, they remain hidden from the user unless detected by an antivirus, a Trojan remover or a malware remover. Win32 Agent works by copying several files to the windows\system32 directory and to the temp directory. It then creates a new registry entry in the system registry, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\winlogon\notify\dddcaabddebacd\, and adds a number of new values under this entry, such as logoff, logon, startup, shutdown and many other values.

It also modifies the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\currentversion\winlogon entry present in the system registry with a new value.
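
The Winlogon notify entry described above can be checked offline from a registry export. The following Python sketch is an added example, not part of the original article or of any removal tool: it parses .reg text and lists notify subkeys that are missing from a baseline the analyst supplies from a known-clean machine. The sample export, the DLL path and the handler names in it are constructed placeholders.

```python
import re

# Key path taken from the article; compared case-insensitively.
NOTIFY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify" + "\\"
EVENTS = {"logon", "logoff", "startup", "shutdown"}  # value names the article lists
# Constructed sample of a .reg export (DLL and handler names are placeholders).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dddcaabddebacd]
"DllName"="C:\\WINDOWS\\system32\\placeholder.dll"
"Logon"="PlaceholderHandler"
"Logoff"="PlaceholderHandler"
"Startup"="PlaceholderHandler"
"Shutdown"="PlaceholderHandler"
'''

def parse_reg(text):
    keys, current = {}, None  # result: {key_path: {value_name: raw_data}}
    # Long hex values wrap with a trailing backslash; join them first.
    for line in re.sub(r"\\\r?\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            current[m.group(1)] = m.group(2)
    return keys

def decode(raw):
    """Decode REG_SZ ("...") or REG_EXPAND_SZ (hex(2):...) data to text."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def unexpected_notify(text, baseline=()):
    """List Notify subkeys absent from the analyst-supplied baseline."""
    known, hits = {b.lower() for b in baseline}, []
    for path, values in parse_reg(text).items():
        name = path[len(NOTIFY):]
        if not path.lower().startswith(NOTIFY) or "\\" in name or name.lower() in known:
            continue
        hits.append({"subkey": name, "dll": decode(values.get("DllName", '""')),
                     "events": sorted(v.lower() for v in values if v.lower() in EVENTS)})
    return hits
```

Regedit writes version 5.00 exports as UTF-16, so read a real file with open(path, encoding="utf-16") before passing its text to unexpected_notify.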

Removal Instructions

Like other Trojans, Win32 Agent makes changes to the system registry. Therefore, it is necessary to use software that deletes the new entries created by the Trojan and restores the modified registry values to their original values. I recommend using Trojan Remover, as I have tested the software myself. Download Trojan Remover and update it first. Then, perform a quick scan of the computer system followed by a complete scan of the hard drive to remove any traces of the Win32 Agent Trojan left in the system.

As a safety measure, download and install SpyBot to remove any spyware or adware present in your computer system. You can also use McAfee, as it is capable of effectively removing such Trojans and reverting the changes made to the system registry.

 