Short description
Win32/Agent.PAR is a trojan that repeatedly tries to connect to various URL addresses. It tries to download several files from the addresses. The files are then executed. The file is run-time compressed using UPX.
Installation
The trojan does not create any copies of itself.
The following Registry entries are created:
"kr_done1" = %variable%
A string with variable content is used instead of %variable%.
Information stealing
The trojan collects the following information:
- operating system version
- antivirus software detected on affected machine
- RAS accounts
- Internet Explorer version
The trojan can send the information to a remote machine.
Other information
The trojan receives data and commands from a remote computer or the Internet. The trojan contains a list of (1) URLs.
The trojan tries to download and execute several files from the Internet. The HTTP protocol is used.
These are stored in the following locations:
A string with variable content is used instead of %random%.
The trojan creates the following files: