
Trojan horse Agent BOY Computer Virus

Like all baddies in the movies, he has many aliases: Cutwail.B, Cutwail.C, Cutwail.M, Troj/Pushdo-B, Trojan.Win32.Agent.auh, Spy-Agent.bv.gen, Trojan.Pandex, TR/Ntech.B, Troj/Agent-FZG, Trojan.Kobcka.A, W32/Downldr2.AOUA and Trojan.Pakes.BMP.

A user may download this Trojan unknowingly when visiting a malicious website. It creates registry entries so that it runs automatically at every system startup. It generates random URLs from which it attempts to download and execute possibly malicious files. It also uses rootkit technology to hide its dropped files, which makes it difficult for antivirus software to detect. Once installed, Agent BOY starts spamming other computers.

Telltale signs of the presence of Agent BOY:
%System%\3_exception.nls
%System%\drivers\runtime.sys
%Temporary%\startdrv.exe
C:\%WINDOWS%\Temp\startdrv.exe

Even though antivirus software may be able to pick up and remove startdrv.exe, Agent BOY reintroduces it each time we restart the computer.

Finally managed to remove it using ComboFix.exe.
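
One way to check a disk for the files listed above, given here as an added example that is not part of the original write-up. Because the Trojan hides its dropped files from the running system, the script can be pointed at an offline-mounted Windows volume; the `-VolumeRoot` and `-WindowsDirName` parameters, the mapping of %System% to System32 and the per-user temp locations are assumptions of this example.

```powershell
# Added example: look for the files this page lists as signs of Agent BOY.
param(
    # Root of the Windows volume to inspect. For an offline scan pass the
    # mounted drive, e.g. -VolumeRoot 'E:\' (parameter names are this example's).
    [string]$VolumeRoot     = "$env:SystemDrive\",
    [string]$WindowsDirName = 'Windows'
)

$windows = Join-Path $VolumeRoot $WindowsDirName
$system  = Join-Path $windows 'System32'   # assumption: %System% is System32

# Fixed locations from the page, with its placeholders expanded.
$fixedPaths = @(
    (Join-Path $system  '3_exception.nls'),
    (Join-Path $system  'drivers\runtime.sys'),
    (Join-Path $windows 'Temp\startdrv.exe')
)

# %Temporary%: per-user temp folders. Both the Vista-and-later and the
# Windows XP profile layouts are tried (assumption of this example).
$tempPatterns = @(
    'Users\*\AppData\Local\Temp\startdrv.exe',
    'Documents and Settings\*\Local Settings\Temp\startdrv.exe'
) | ForEach-Object { Join-Path $VolumeRoot $_ }

$hits = @()
foreach ($path in $fixedPaths) {
    # -Force also returns files carrying the hidden or system attribute.
    $hits += @(Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue)
}
foreach ($pattern in $tempPatterns) {
    # -Path (not -LiteralPath) so the * expands across user profiles.
    $hits += @(Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue)
}

if ($hits.Count -eq 0) {
    # On a live system this is not conclusive: the rootkit may hide the files.
    Write-Output "None of the listed files were found under $VolumeRoot"
} else {
    # A matching name is only a lead; the hash lets the file be checked
    # against antivirus vendor data before anything is deleted.
    $hits | Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc,
        @{ Name = 'SHA256'; Expression = {
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } }
}
```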

Updated On: 12.07.11
