Trojan-Dropper.Win32.Agent.arru is written in VC and packed with PECompact; the file is 34,322 bytes long. It spreads mainly through bundled files, download managers, and web pages linked to Trojan horses. Its main purpose is to release Trojan-Dropper.Win32.Agent.arru, then download and run itself on the user's PC.
When a PC is infected by Trojan-Dropper.Win32.Agent.arru, the computer may restart for no reason, important files may be lost, the system and network may slow down, and programs may close unexpectedly.
Objects Infected by Trojan-Dropper.Win32.Agent.arru
Windows 2000 / Windows XP / Windows 2003 / Windows Vista / Windows 7
Transmission of Trojan-Dropper.Win32.Agent.arru
Bundled files, web pages linked to Trojan horses, download managers
1. Manually delete the following files:
D:\VolumeDH\kisp2011.exe
%Temp%\cdf1912.tmp
%Documents and Settings%\Administrator\Application Data\A.tmp
%Documents and Settings%\Administrator\Application Data\B.tmp
%Documents and Settings%\Administrator\Application Data\lua 1.bat
%Documents and Settings%\Administrator\Application Data\lua 2.bat
%Temp%\tmp_ext.bat
%Temp%\inl19.tmp
2. Manually delete the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR
Name: tech1894 Data: tech1894
Name: udate Data: the current date
Name: uid Data: 0
Name: uname Data: system
Variable definitions:
%SystemDrive%: the partition where the system is installed, usually C:
%SystemRoot%: the Windows directory, usually C:\Windows
%Documents and Settings%: the user file directory, usually C:\Documents and Settings
%Temp%: the temp folder, usually C:\Documents and Settings\<current user name>\Local Settings\Temp
%ProgramFiles%: the default installation directory for programs, typically C:\Program Files
Files Created by Trojan-Dropper.Win32.Agent.arru:
D:\VolumeDH\kisp2011.exe
%Temp%\cdf1912.tmp
%Documents and Settings%\Administrator\Application Data\A.tmp
%Documents and Settings%\Administrator\Application Data\B.tmp
%Documents and Settings%\Administrator\Application Data\lua 1.bat
%Documents and Settings%\Administrator\Application Data\lua 2.bat
%Temp%\tmp_ext.bat
%Temp%\inl19.tmp
Registry Branches Created by Trojan-Dropper.Win32.Agent.arru:
HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR
Name: tech1894 Data: tech1894
Name: udate Data: the current date
Name: uid Data: 0
Name: uname Data: system
Trojan-Dropper.Win32.Agent.arru Tries to Access the Following Network Addresses:
http://121.***.142.19:1000/ipv.wav
http://download1.***.com.cdn20.com/sxcms.exe
http://setup.***.com/install/pipi_73.exe
http://www.***.com/youbak/software/partner/9010/ddsp1.exe