
Troj/Agent-OVJ

Posted: September 11, 2012

Troj/Agent-OVJ is a trojan that's often distributed as part of the Darkshell Trojan, although recent Troj/Agent-OVJ attacks have used malicious Windows Help files to install Troj/Agent-OVJ specifically. This may be of particular concern to PC users based in Italy and other Italian-predominant countries, since the Trojan that initiates the attack that installs Troj/Agent-OVJ has been seen using Italian-based file names to entice victims to launch Troj/Agent-OVJ. Even though Troj/Agent-OVJ can steal all keyboard-based information (and may have other capabilities related to compromising your PC's security), Troj/Agent-OVJ's attacks don't leave obvious symptoms for the eye to detect. SpywareRemove.com malware experts recommend keeping anti-malware software available for the purpose of detecting or deleting Troj/Agent-OVJ, not to mention the other two Trojans that are used to install Troj/Agent-OVJ in the first place.

When Searching for a Helping Hand Gets You a Stab in the Back with Troj/Agent-OVJ

While Troj/Agent-OVJ can be found in any infection that includes the Darkshell Trojan, the latest Troj/Agent-OVJ attacks have been seen using Help files as their favored means of distribution. These Help or HLP files, based on the defunct WinHelp system, remain compatible with most versions of Windows, including Windows 7. Launching these files, detected as Troj/HlpDrp-B (or, for heuristically-detected variants, Mal/HlpDrop-A) will cause a second Trojan dropper to be installed and launched while you're distracted by a generic error message. The second Trojan, Troj/DarkDrp-A, is responsible for installing Troj/Agent-OVJ – an activity that gives no symptoms and exploits a typical Windows process, cmd.exe, to remain hidden.

As the final payload in this attack, Troj/Agent-OVJ includes keylogging functions that allow Troj/Agent-OVJ to record all typed data to an external DAT file named 'UserData'. SpywareRemove.com malware researchers have confirmed that this information is later sent to a server that has a history of involvement with malicious software and other types of PC threats. This can result in passwords, e-mail addresses and other forms of confidential information being leaked to criminals and used in additional attacks.

Turning to the Actual Aid That Can Wipe Troj/Agent-OVJ's Thievery Off the Map

Troj/Agent-OVJ doesn't show symptoms of its keylogging attacks and, like any competent keylogger, launches itself automatically. As such, the SpywareRemove.com malware research team suggests that you assume that Troj/Agent-OVJ is active after any attack similar to the one described above, unless your anti-malware programs can determine otherwise. Deleting Troj/Agent-OVJ and the other Trojans mentioned in this article should be left to anti-malware software whenever possible, although updated databases may be required, since Troj/Agent-OVJ, Troj/HlpDrp-B and Troj/DarkDrp-A were each detected late in August of 2012.

Troj/Agent-OVJ can be detected by aliases including BDS/Backdoor.Gen and Trojan.Win32.Agent.akmm, with variants of Troj/Agent-OVJ identified behaviorally by the name Mal/DarkShell-A. Also, SpywareRemove.com malware experts warn against confusing Troj/Agent-OVJ with a Recycle Bin component, given Troj/Agent-OVJ's use of the intentionally misleading name 'Recycler.DLL'.
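For triage before or alongside an anti-malware scan, the file artifacts named above (WinHelp droppers, the 'UserData' DAT file and 'Recycler.DLL') can be searched for directly. The script below is an added example, not code from SpywareRemove.com or any vendor; it assumes the keylog file appears as `UserData` or `UserData.dat`, and it identifies WinHelp content by the format's 4-byte header rather than by extension, so a renamed Help file is still flagged.

```python
import os
import sys
from pathlib import Path

# First four bytes of a WinHelp (.hlp) file: 0x00035F3F stored little-endian.
WINHELP_MAGIC = b"\x3f\x5f\x03\x00"
SUSPECT_DLL = "recycler.dll"   # DLL name given in the article
KEYLOG_STEM = "userdata"       # article: DAT file named 'UserData' (".dat" suffix is an assumption)


def classify(path: Path) -> list[str]:
    """Return the reasons (possibly none) a single file deserves a closer look."""
    reasons = []
    if path.name.lower() == SUSPECT_DLL:
        reasons.append("name matches Recycler.DLL")
    if path.stem.lower() == KEYLOG_STEM and path.suffix.lower() in ("", ".dat"):
        reasons.append("name matches UserData keylog file")
    try:
        with path.open("rb") as fh:
            head = fh.read(4)
    except OSError:
        return reasons  # locked or unreadable file: keep any name-based hit
    if head == WINHELP_MAGIC:
        if path.suffix.lower() == ".hlp":
            reasons.append("WinHelp file")
        else:
            reasons.append("WinHelp content with a non-.hlp extension")
    return reasons


def scan(root: str) -> dict[str, list[str]]:
    """Walk root and map each flagged file path to its list of reasons."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            path = Path(dirpath) / filename
            reasons = classify(path)
            if reasons:
                hits[str(path)] = reasons
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reasons in sorted(scan(root).items()):
        print(f"{path}: {'; '.join(reasons)}")
```

A hit is a lead for further inspection, not a verdict: legitimate legacy software still ships WinHelp files, and name matches alone say nothing about a file's contents.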
