Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/Agent.GCI is a trojan which tries to download other malware from the Internet. The file is run-time compressed using PECompact .
InstallationWhen executed, the trojan copies itself into the following location:
In order to be executed on every system start, the trojan sets the following Registry entry:
The following Registry entries are created:
"csrss" = "%system%\wbem\csrss.exe"
"2500" = 3
Information stealingThe trojan collects the following information:
The trojan can send the information to a remote machine.
- operating system version
- Internet Explorer version
- Mozilla Firefox version
- type of Internet connection
- current screen resolution
Other informationThe trojan is sent data and commands from a remote computer or the Internet.
The trojan contains a list of (3) URLs.
The trojan tries to download and execute several files from the Internet. The HTTP protocol is used.
These are stored in the following locations:
A string with variable content is used instead of %variable1-2%, %filename% .
The trojan creates the following files:
The following services are disabled: