Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/Agent.NPD installs a backdoor that can be controlled remotely.
InstallationWhen executed, the trojan drops the following files in the %system% folder:
The trojan registers itself as a system service using the following name:
- lamhost.dll (14336 B)
- nvpc32.exe (6656 B)
- nVidia Program Config
The trojan loads and injects the %system%\lamhost.dll library into the following processes:
The following Registry entries are created:
"Type" = 16
"Start" = 2
"ErrorControl" = 0
"ImagePath" = "%system%\nvpc32.exe"
Other informationThe trojan serves as a backdoor. It can be controlled remotely.
The trojan is sent data and commands from a remote computer or the Internet.
The trojan contains a list of (2) URLs.
It can execute the following operations:
The trojan creates the following files:
- terminate running processes
- run executable files
- download files from a remote computer and/or Internet
- send files to a remote computer
- send the list of disk devices and their type to a remote
- send the list of running processes to a remote computer
The trojan may create copies of itself using the following filenames:
A string with variable content is used instead of %variable% .
- %temp%\Del%variable%.tmp (26027 B)