Backdoor.Win32.Agent.ago
Backdoor.Win32.Agent.ago is a dangerous backdoor trojan that runs in the background and can even enable a hacker to get remote access to the targeted computer. Backdoor.Win32.Agent.ago will download files to the computer without user's consent, which will lead to security risk. Backdoor.Win32.Agent.ago does not use network resources to propagate, but can propagate through a network by attaching itself to other computer malware. A payload of the Backdoor.Win32.Agent.ago can be just as destroying.
File System Modifications
- The following files were created in the system:
# File Name 1 %System%\_sv_.exe 2 %System%\drivers\_sv_.sy [file and pathname of the sample #1]
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\_sv_HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\_sv_HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtfscoreHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfscore\SecurityHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\_sv_HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExplorerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.