Home Malware Programs Viruses Agentdoc.c

Agentdoc.c

Posted: June 22, 2011

Agentdoc.c is a Trojan that installs malicious software on your PC, without your consent. Rootkit-based techniques help Agentdoc.c avoid detection, although an initial Agentdoc.c attack may begin with the appearance of a Word document written in Chinese or Japanese. Agentdoc.c infections can record keystrokes and run whenever Windows starts. As a serious threat to both your privacy and your computer's security, you should delete Agentdoc.c with an anti-malware application, whenever you think Agentdoc.c might be on your PC.

The Invisible Agentdoc.c Threat

Although Agentdoc.c is an infection that was first seen in 2006 and may be incapable of infecting the recent operating systems, Agentdoc.c uses surprisingly sophisticated techniques to harm your computer. Agentdoc.c has been confirmed to attack Windows operating systems ranging from Windows 95 up to Windows XP, and can still present a dangerous hazard to PC security.

As a Trojan, Agentdoc.c's main purpose is to download and install other malicious applications onto your computer. However, most Agentdoc.c infections can escape notice, by using rootkit-based techniques to hide themselves. Agentdoc.c will run as a service whenever Windows starts, but you may not see any Agentdoc.c memory processes, or other observable signs of Agentdoc.c being active. This rootkit-based evasion can also hide Agentdoc.c's Windows Registry entries.

If you do manage to see an Agentdoc.c file, this file may use an icon similar to one that's used for standard Word documents. The icon in use doesn't necessarily determine the file type of the Agentdoc.c file.

Agentdoc.c's Keyboard-Spying Misadventures

Besides using rootkit components, Agentdoc.c will also install a keylogger. Keyloggers can record keyboard-based information such as keystrokes, usually in an attempt to gather passwords and other personal information. This information is stored on your PC in a local file, before Agentdoc.c sends it out to a remote criminal.

Agentdoc.c may also download and install other harmful programs, and uses .dll files to complicate Agentdoc.c's removal. Removing Agentdoc.c you should use a trusted anti-virus program when such a program is available, with full threat database updates to insure that all threats are detected. Using Safe Mode may also help you delete Agentdoc.c threats. If you delete Agentdoc.c manually, you may find your PC subjected to other errors, while partial Agentdoc.c components are still on your hard drive.

Given the continuous activity and monitoring of Agentdoc.c, you should consider all private data on an infected computer to be vulnerable, until you've verified that Agentdoc.c is deleted.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 dbacf.exe
    2 icesword.exe
    3 nbsanovj.dll
    4 nbsanovj.drv
    5 nbsanovj.sys
    6 nbsanovj.tmp

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NBSANOVJHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sens\Parameters\ServiceDll=%System%\nbsanovj.dllHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nbsanovjHKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NBSANOVJHKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nbsanovjHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NBSANOVJHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sens\Parameters\ServiceDll=%System%\nbsanovj.dllHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nbsanovj

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Agentdoc.c may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.