تفضل إمسح التالي (لديك trojan horse(
Troj/Agent-DLW Trojan
Summary
https://www.sophos.com/images/interface/site/round-blue-tl.gifhttps://www.sophos.com/images/interface/site/round-blue-tr.gif Summary
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Description (https://www.sophos.com/security/analyses/trojagentdlw.html#table2)
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Recovery (https://www.sophos.com/security/analyses/trojagentdlw.html#table3)
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Advanced (https://www.sophos.com/security/analyses/trojagentdlw.html#table4)
Name Troj/Agent-DLW Type
Trojan (https://www.sophos.com/security/glossary/t.html#trojan) Affected operating systems
Windows Side effects
Downloads code from the internet
Installs itself in the Registry
Leaves non-infected files on computer Aliases
Trojan.Win32.Agent.zl Protection available since 12 October 2006 08:21:51 (GMT) Detected by All versions of Sophos Anti-Virus (https://www.sophos.com/products/es/endpoint/sav.html) Included in our products from November 2006 (4.11)
Description
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Summary (https://www.sophos.com/security/analyses/trojagentdlw.html#table1)
https://www.sophos.com/images/interface/site/round-blue-tl.gifhttps://www.sophos.com/images/interface/site/round-blue-tr.gif Description
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Recovery (https://www.sophos.com/security/analyses/trojagentdlw.html#table3)
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Advanced (https://www.sophos.com/security/analyses/trojagentdlw.html#table4)
This section helps you to understand how it behaves
Troj/Agent-DLW is a Trojan for the Windows platform.
Recovery
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Summary (https://www.sophos.com/security/analyses/trojagentdlw.html#table1)
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Description (https://www.sophos.com/security/analyses/trojagentdlw.html#table2)
https://www.sophos.com/images/interface/site/round-blue-tl.gifhttps://www.sophos.com/images/interface/site/round-blue-tr.gif Recovery
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Advanced (https://www.sophos.com/security/analyses/trojagentdlw.html#table4)
This section tells you how to remove the threat.
Please follow the instructions for removing Trojans (https://www.sophos.com/support/disinfection/trojan.html).
Advanced
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Summary (https://www.sophos.com/security/analyses/trojagentdlw.html#table1)
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Description (https://www.sophos.com/security/analyses/trojagentdlw.html#table2)
https://www.sophos.com/images/interface/site/round-grey-tl-lite.gifhttps://www.sophos.com/images/interface/site/round-grey-tr-lite.gif Recovery (https://www.sophos.com/security/analyses/trojagentdlw.html#table3)
https://www.sophos.com/images/interface/site/round-blue-tl.gifhttps://www.sophos.com/images/interface/site/round-blue-tr.gif Advanced
This section is for technical experts who want to know more.
Troj/Agent-DLW is a Trojan for the Windows platform.
When run Troj/Agent-DLW creates the following files:
<Temp>\iedw.dll
<Temp>\server.exe
<Program Files>\Internet Explorer\hmmapi.exe
<Program Files>\Internet Explorer\iedw.exe
<Program Files>\Internet Explorer\iedw.dll
<Program Files>\Windows Media Player\iedw.exe
<Program Files>\Windows Media Player\setup_wm.dll
These files are detected as Troj/Agent-DLW.
<Temp>\KooWoLyricBind_hy_lyric_025.exe
<Temp>\UserID.txt
<Users>\Application Data\Adobe\UserID.txt
<Program Files>\Internet Explorer\Setup.inf
<System>\HTTPDll.dll
<System>\lrcsys.exe
<System>\Plugin.ini
<System>\YHBO.dll
<Application Data>\Microsoft\Internet Explorer\Quick Launch\
<random characters>Internet Explorer<random characters>.lnk
These files can be safely deleted.
Troj/Agent-DLW includes functionality to:
- download code from the internet
- inject code into system processes
Registry entries are created under:
HKCR\AppID\BHO.DLL
HKCR\AppID\HTTPDll.DLL
HKCR\AppID\(51450752-E1D1-4DCA-804A-636000845064)
HKCR\AppID\(E00EDD4C-4879-42C6-BE02-A563421D0175)
HKCR\BHO.BHOImp.1
HKCR\BHO.BHOImp
HKCR\CLSID\(5CAC4E80-A015-41C8-8796-047BE272AC04)
HKCR\CLSID\(70AFF2CB-9DA2-499C-8D15-900729FCE83D)
HKCR\HTTPDll.HttpReqeust.1
HKCR\HTTPDll.HttpReqeust
HKCR\Interface\(030DAC98-434F-4802-BECD-96CA7B09271E)
HKCR\Interface\(33EC91FB-CAA5-4EAA-905B-E485D4D37694)
HKCR\TypeLib\(4A318EAA-90C7-408B-AD6A-04AA49CEE043)
HKCR\TypeLib\(C03A8B3C-7959-447C-A6C3-351660B23BF0)
HKLM\SOFTWARE\KooWo
https://www.sophos.com/security/analyses/trojagentdlw.html