Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/Agent.RIZ is a trojan which tries to download other malware from the Internet.
InstallationThe trojan does not create any copies of itself.
Other informationThe trojan contains an URL address. It tries to download the other part of the infiltration from the address. The HTTP protocol is used.
The file is stored in the following location:
"Type" = 1
"ErrorControl" = 0
"Start" = 1
"Data" = %random%
"ImagePath" = "%windir%system32driversviddev.inf"
This causes the trojan to be executed on every system start.
The trojan creates and runs a new thread with its own program code within the following processes:
The trojan contains a list of (4) URLs.
The downloaded files contain encrypted executables.
After decryption, the trojan runs these files.