Short description
Win32/Agent.ODG is a trojan used for delivery of unsolicited advertisements. The trojan receives data and commands from a remote computer or the Internet. It uses techniques common for rootkits.
Installation
When executed, the trojan drops the following files in the %system% folder:
- TDSSl.dll (17408 B)
- tdssc2cf.dll (46620 B)
- tdssadw.dll (32768 B)
- tdssmain.dll (10240 B)
- tdssserf.dll (12288 B)
The libraries are loaded and injected into the following processes:
The following file is dropped into the %system%\drivers\ folder:
- TDSSserv.sys (36352 B)
Installs the following system drivers:
The following Registry entries are created:
"Start" = %number1%
"Type" = %number2%
"ImagePath" = "%system%\drivers\TDSSserv.sys"
A string with variable content is used instead of %number1-2%, %variable1-6%.
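
A check for the installation artifacts listed above, as an added example that is not part of the original description. Because the trojan hides files and Registry entries, the inputs are assumed to come from an offline view of the disk (a file inventory and a .reg export); the system folder path, the function names, the sample data and the ExampleSvc key name are assumptions, and ImagePath is assumed to be exported as a plain string. Since the description says the Registry entries use variable strings, the driver's service is matched by its ImagePath value rather than by key name.

```python
import re
from pathlib import PureWindowsPath

# File names and sizes (bytes) as listed in the description above.
SYSTEM_FILES = {"tdssl.dll": 17408, "tdssc2cf.dll": 46620, "tdssadw.dll": 32768,
                "tdssmain.dll": 10240, "tdssserf.dll": 12288}
DRIVER_FILES = {"tdssserv.sys": 36352}

def match_files(listing, system_dir=r"C:\Windows\System32"):
    """Return (path, 'exact' | 'name-only') for listed names in the listed folders."""
    sysdir = PureWindowsPath(system_dir)  # compares case-insensitively
    tables = {sysdir: SYSTEM_FILES, sysdir / "drivers": DRIVER_FILES}
    hits = []
    for path, size in listing:
        p = PureWindowsPath(path)
        expected = tables.get(p.parent, {}).get(p.name.lower())
        if expected is not None:
            hits.append((str(p), "exact" if size == expected else "name-only"))
    return hits

def services_loading_driver(reg_text, driver="tdssserv.sys"):
    """Return keys in a .reg export whose ImagePath points at the driver."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)
        if m and key and m.group(1).lower() == "imagepath":
            value = m.group(2).replace("\\\\", "\\")  # undo .reg escaping
            if PureWindowsPath(value).name.lower() == driver:
                hits.append(key)
    return hits

# Constructed sample data (not from a real host).
SAMPLE_LISTING = [
    (r"C:\WINDOWS\system32\TDSSl.dll", 17408),
    (r"C:\Windows\System32\tdssadw.dll", 4096),
    (r"C:\Windows\System32\drivers\TDSSserv.sys", 36352),
    (r"C:\Temp\tdssmain.dll", 10240),  # outside the listed folders: ignored
]
SAMPLE_REG = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Start"=dword:00000001
"ImagePath"="C:\\Windows\\System32\\drivers\\TDSSserv.sys"
'''

if __name__ == "__main__":
    print(match_files(SAMPLE_LISTING))
    print(services_loading_driver(SAMPLE_REG))
```

A "name-only" result means the file name and folder match but the size differs from the one listed, so it needs manual review rather than being treated as confirmed.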
Information stealing
Win32/Agent.ODG is a trojan that steals sensitive information.
The following information is collected:
- recently visited URLs
The trojan can send the information to a remote machine.
Other information
The trojan blocks access to the following sites:
The trojan terminates specific running processes.
The trojan alters the behavior of the following processes:
The user may be redirected to one of the following Internet web sites:
The trojan tries to download and execute several files from the Internet. The trojan contains a list of (3) URLs. The HTTP protocol is used.
The trojan hides files and Registry entries which contain one of the following strings in their name: