Win32/Agent.PAR is a trojan that repeatedly tries to connect to various URLs. It tries to download several files from these addresses and then executes them. The trojan's own file is run-time compressed using UPX.
The trojan does not create any copies of itself.

The following Registry entries are created:
  • [HKEY_LOCAL_MACHINE\Software\Microsoft]
    "kr_done1" = %variable%
A string with variable content is used instead of %variable%.
Information stealing
The trojan collects the following information:
  • operating system version
  • antivirus software detected on affected machine
  • RAS accounts
  • Internet Explorer version
The trojan can send the information to a remote machine.
Other information
The trojan receives data and commands from a remote computer or the Internet. The trojan contains a list of 1 URL.

The trojan tries to download and execute several files from the Internet. The HTTP protocol is used.

These are stored in the following locations:
  • %temp%\%random%.exe

A string with variable content is used instead of %random%.

The trojan creates the following files:
  • %system%\kr_done1
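
A host check for the artifacts listed above, as an added example that is not part of the original description. The WOW6432Node and SysWOW64 locations are assumptions (where 64-bit Windows redirects a 32-bit process), and only the current user's %temp% is inspected.

```powershell
# Added example: look for the artifacts named in this description on one host.
# A hit is a lead for triage, not a verdict. Run from a 64-bit PowerShell.
$findings = @()

# Registry value "kr_done1" under HKLM\Software\Microsoft.
# Assumption: WOW6432Node is included because a 32-bit process on 64-bit
# Windows has its HKLM\Software writes redirected there.
$regPaths = @(
    'HKLM:\SOFTWARE\Microsoft',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft'
)
foreach ($path in $regPaths) {
    $item = Get-ItemProperty -Path $path -Name 'kr_done1' -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings += [pscustomobject]@{
            Type = 'RegistryValue'; Where = $path; Detail = "kr_done1 = $($item.kr_done1)"
        }
    }
}

# File %system%\kr_done1 (SysWOW64 checked for the same redirection reason).
foreach ($dir in @("$env:windir\System32", "$env:windir\SysWOW64")) {
    $file = Join-Path $dir 'kr_done1'
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $info = Get-Item -LiteralPath $file -Force
        $findings += [pscustomobject]@{
            Type = 'File'; Where = $file; Detail = "created $($info.CreationTimeUtc.ToString('u'))"
        }
    }
}

# Executables sitting directly in %temp% (downloads land as %temp%\%random%.exe).
# Legitimate installers also drop files here, so record hash and signature
# status for review instead of treating every hit as malicious.
Get-ChildItem -LiteralPath $env:TEMP -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        $findings += [pscustomobject]@{
            Type = 'TempExecutable'; Where = $_.FullName; Detail = "sha256=$hash signature=$sig"
        }
    }

if ($findings.Count -eq 0) { 'No artifacts from this description were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```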