Trojan-Downloader.Win32.Agent.ahoe
Posted: August 6, 2009
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 385 |
|---|---|
| Threat Level: | 8/10 |
| Infected PCs: | 1,282,194 |
| First Seen: | July 24, 2009 |
|---|---|
| Last Seen: | March 10, 2025 |
| OS(es) Affected: | Windows |
Trojan-Downloader.Win32.Agent.ahoe is a trojan virus that downloads malicious content from the Internet and executes them on the infected computer without your knowledge or consent. In order to ensure that Trojan-Downloader.Win32.Agent.ahoe is launched at the beginning of every Windows start-up phase, the parasite modifies the registry entries. Trojan-Downloader.Win32.Agent.ahoe is currently found as an infection detected by the rogue anti-spyware program called Windows Antivirus Pro.
Aliases
Downloader.Generic12.XJL [AVG]W32/Downloader_x.GCN!tr [Fortinet]TR/Agent.dpp.2 [AntiVir]HEUR:Trojan.Win32.Generic [Kaspersky]Win32.TRAgent.Dpp [eSafe]Win32:Agent-APGZ [Trj] [Avast]Generic.dx!bcx4 [McAfee]Trojan.SuspectCRC [Ikarus]Win-Clicker/Agent.499712 [AhnLab-V3]TR/Gendal.kdv.300198 [AntiVir]Trojan.DownLoader4.23247 [DrWeb]Trojan.Generic.KDV.300198 [BitDefender]Win32.WS.Reputation [eSafe]Artemis!764155503436 [McAfee]Trj/Downloader.QBT [Panda]
More aliases (1282)
More aliases (1282)
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%SYSTEMDRIVE%\Users\<username>\appdata\local\temp\is-6ks2l.tmp\tcharar.exe
File name: tcharar.exeSize: 992.09 KB (992091 bytes)
MD5: fb499993c46f50b75f102d5d59b61eb2
Detection count: 23,243
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\temp\is-6ks2l.tmp\tcharar.exe
Group: Malware file
Last Updated: September 12, 2023
C:\WINDOWS\SysWOW64\NetUpdService.exe
File name: NetUpdService.exeSize: 2.95 MB (2956288 bytes)
MD5: ac9fa3514f1313c92ae5a52938a50d9a
Detection count: 3,469
File type: Executable File
Mime Type: unknown/exe
Path: C:\WINDOWS\SysWOW64\NetUpdService.exe
Group: Malware file
Last Updated: September 18, 2023
%SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client.exe
File name: Client.exeSize: 58.88 KB (58880 bytes)
MD5: 1362cac64386ac917c3b91e29749740f
Detection count: 115
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client.exe
Group: Malware file
Last Updated: June 26, 2020
iOmm100.exe
File name: iOmm100.exeSize: 53.24 KB (53248 bytes)
MD5: 315dbe28016a28842556704148eba158
Detection count: 95
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 23, 2010
ikwnmb.exe
File name: ikwnmb.exeSize: 126.46 KB (126464 bytes)
MD5: dcb43c208a13b5c1cccebce576987b26
Detection count: 90
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 1, 2010
dealassistant.exe
File name: dealassistant.exeSize: 934.06 KB (934061 bytes)
MD5: 1ae1c57db53066c7e1ef5076bb9b1b8b
Detection count: 81
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 15, 2010
retadpu1002397.exe
File name: retadpu1002397.exeSize: 35.84 KB (35840 bytes)
MD5: dde8bfd270ffeea1c763d1827734d0e4
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 27, 2010
mrofinu1000106.exe
File name: mrofinu1000106.exeSize: 37.37 KB (37376 bytes)
MD5: 3e9f2da6cd3519cb9320f9ba8ed92c72
Detection count: 72
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 27, 2010
retadpu77.exe
File name: retadpu77.exeSize: 40.96 KB (40960 bytes)
MD5: fc83423421cd2d1b09955e3aee7f29cf
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 27, 2010
C:\Windows\SysWOW64\TssWpfWrp.exe
File name: TssWpfWrp.exeSize: 40.96 KB (40960 bytes)
MD5: d017768239636f67bfafd5e02ec53918
Detection count: 68
File type: Executable File
Mime Type: unknown/exe
Path: C:\Windows\SysWOW64\TssWpfWrp.exe
Group: Malware file
Last Updated: October 21, 2022
%LOCALAPPDATA%\MFTCompilerData\CasPol.exe
File name: CasPol.exeSize: 115.2 KB (115200 bytes)
MD5: a7aaf4d9e10897faded9a4727a626900
Detection count: 63
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
msmsgs.exe
File name: msmsgs.exeSize: 57.34 KB (57344 bytes)
MD5: 2ab1867e8b59176adbac333f6357e978
Detection count: 60
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 19, 2010
C:\Program Files (x86)\Proxyfilter\Proxyfilter\digital1610_Good_11cr13.exe
File name: digital1610_Good_11cr13.exeSize: 667.64 KB (667648 bytes)
MD5: 35164e8135d144bf04395e62461d2a0e
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files (x86)\Proxyfilter\Proxyfilter\digital1610_Good_11cr13.exe
Group: Malware file
Last Updated: August 11, 2024
%LOCALAPPDATA%\Default Folder\Server.exe
File name: Server.exeSize: 808.44 KB (808448 bytes)
MD5: 7f5b5834f8e8a25b7b6586b86091b72d
Detection count: 47
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\Default Folder
Group: Malware file
Last Updated: December 23, 2016
C:\ProgramData\{X3UUG6E2-QB4Z-35Z0-KFUNRZT0Y84D}\AGSService.exe
File name: AGSService.exeMD5: 2d364060d6b042250a351507c0b6d556
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: C:\ProgramData\{X3UUG6E2-QB4Z-35Z0-KFUNRZT0Y84D}
Group: Malware file
Last Updated: October 17, 2018
C:\Users\<username>\Desktop\WindowsDefenderUpdate.exe
File name: WindowsDefenderUpdate.exeSize: 325.63 KB (325632 bytes)
MD5: 844430aac97001ca90f1e319711ba820
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\Desktop
Group: Malware file
Last Updated: May 16, 2018
%WINDIR%\TEMP\g666.tmp.exe
File name: g666.tmp.exeSize: 239.1 KB (239104 bytes)
MD5: c7d0fd72924d39d78010aa13e5f1e3bf
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\TEMP
Group: Malware file
Last Updated: March 17, 2020
c:\Users\<username>\appdata\roaming\get.exe
File name: get.exeSize: 67.35 KB (67357 bytes)
MD5: cd49e0979be34d51eee3606438184f52
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: c:\Users\<username>\appdata\roaming
Group: Malware file
Last Updated: November 7, 2018
F:\5094385635852288\4b3f7176cfd3fb818f8e4780b9ded838de5ff6d8cf01865d59fc68fb4c0e0424
File name: 4b3f7176cfd3fb818f8e4780b9ded838de5ff6d8cf01865d59fc68fb4c0e0424Size: 343.04 KB (343040 bytes)
MD5: 00e7325c6b03ae161c5fbf755fa14739
Detection count: 7
Path: F:\5094385635852288\4b3f7176cfd3fb818f8e4780b9ded838de5ff6d8cf01865d59fc68fb4c0e0424
Group: Malware file
Last Updated: March 25, 2021
More files
Registry Modifications
The following newly produced Registry Values are:
File name without pathfja9sdfh.exehhb91hih.exej0192udlkhas.exepdqjw9d8as123hdk.exepqjw9d8123hk.exesvb98s12e.exesvb98s15e.exesvj9812e.exeRegexp file mask%ALLUSERSPROFILE%\FXGuard\fxnet.exe%APPDATA%\Alianz.exe%APPDATA%\fileSystem.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\directxwebpack.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\newcpuchecker.js%APPDATA%\syse.sys%APPDATA%\workk.exe%HOMEDRIVE%\ntldr~[RANDOM CHARACTERS]%HOMEDRIVE%\smartdata\bbaassd.exe%HOMEDRIVE%\smartdata\fasfd.exe%HOMEDRIVE%\SmartData\fhalslk.dll%HOMEDRIVE%\SmartData\performer.exe%HOMEDRIVE%\SmartData\servicer.exe%HOMEDRIVE%\SmartData\svchost_ms.exe%LOCALAPPDATA%\Audiodg\audiodgs.exe%LOCALAPPDATA%\bbuy.exe%LOCALAPPDATA%\Default Folder\server.exe%LOCALAPPDATA%\Microsoft\TaskPlay\caches.dat%LOCALAPPDATA%\VirtualStore\ntldr~[RANDOM CHARACTERS]%LOCALAPPDATA%\WServices\performer.exe%LOCALAPPDATA%\WServices\smaters.exe%LOCALAPPDATA%\WServices\svsmst.exe%Programfiles%\fuwu.exe%PROGRAMFILES%\WindowsPowerShell\Configuration\Registration\svhost.exe%PROGRAMFILES(x86)%\smartdata\asdd.exe%PROGRAMFILES(x86)%\smartdata\asdffdf.exe%PROGRAMFILES(x86)%\smartdata\bbaassd.exe%PROGRAMFILES(x86)%\smartdata\fasfd.exe%PROGRAMFILES(x86)%\smartdata\fsadfsadfsdf.exe%PROGRAMFILES(x86)%\smartdata\gagadsfgafg.exe%PROGRAMFILES(x86)%\SmartData\performer.exe%PROGRAMFILES(x86)%\smartdata\servicer.exe%PROGRAMFILES(x86)%\smartdata\svchost_ms.exe%PROGRAMFILES(x86)%\WindowsPowerShell\Configuration\Registration\svhost.exe%TEMP%\networkservice.exe%WINDIR%\gdp32.exe%WINDIR%\imgsvc\imgsvc.exe%WINDIR%\lsasc.exe%WINDIR%\sysde32.exe%WINDIR%\System32\NetUpdService.exe%WINDIR%\system32\show.exe%WINDIR%\system32\wbem\123.bat%WINDIR%\System32\wmiex.exe%WINDIR%\sysve32.exe%WINDIR%\SysWoW64\NetUpdService.exe%WINDIR%\SysWOW64\wmiex.exe%WINDIR%\temp\bestfile1.exe%WINDIR%\Temp\y2b.exe%WINDIR%\winmds.exeHKEY..\..\..\..{RegistryKeys}SOFTWARE\MachinerSOFTWARE\MaxPlugs\EmmailSOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window UpdateSOFTWARE\Wow6432Node\MachinerSOFTWARE\WOW6432Node\MaxPlugs\EmmailSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window UpdateHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}eMail Extractor_is1Emoticons Mail_is1{88826714-E1D9-4D5C-9BB7-16DFA935C4C1}{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}
File name without pathfja9sdfh.exehhb91hih.exej0192udlkhas.exepdqjw9d8as123hdk.exepqjw9d8123hk.exesvb98s12e.exesvb98s15e.exesvj9812e.exeRegexp file mask%ALLUSERSPROFILE%\FXGuard\fxnet.exe%APPDATA%\Alianz.exe%APPDATA%\fileSystem.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\directxwebpack.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\newcpuchecker.js%APPDATA%\syse.sys%APPDATA%\workk.exe%HOMEDRIVE%\ntldr~[RANDOM CHARACTERS]%HOMEDRIVE%\smartdata\bbaassd.exe%HOMEDRIVE%\smartdata\fasfd.exe%HOMEDRIVE%\SmartData\fhalslk.dll%HOMEDRIVE%\SmartData\performer.exe%HOMEDRIVE%\SmartData\servicer.exe%HOMEDRIVE%\SmartData\svchost_ms.exe%LOCALAPPDATA%\Audiodg\audiodgs.exe%LOCALAPPDATA%\bbuy.exe%LOCALAPPDATA%\Default Folder\server.exe%LOCALAPPDATA%\Microsoft\TaskPlay\caches.dat%LOCALAPPDATA%\VirtualStore\ntldr~[RANDOM CHARACTERS]%LOCALAPPDATA%\WServices\performer.exe%LOCALAPPDATA%\WServices\smaters.exe%LOCALAPPDATA%\WServices\svsmst.exe%Programfiles%\fuwu.exe%PROGRAMFILES%\WindowsPowerShell\Configuration\Registration\svhost.exe%PROGRAMFILES(x86)%\smartdata\asdd.exe%PROGRAMFILES(x86)%\smartdata\asdffdf.exe%PROGRAMFILES(x86)%\smartdata\bbaassd.exe%PROGRAMFILES(x86)%\smartdata\fasfd.exe%PROGRAMFILES(x86)%\smartdata\fsadfsadfsdf.exe%PROGRAMFILES(x86)%\smartdata\gagadsfgafg.exe%PROGRAMFILES(x86)%\SmartData\performer.exe%PROGRAMFILES(x86)%\smartdata\servicer.exe%PROGRAMFILES(x86)%\smartdata\svchost_ms.exe%PROGRAMFILES(x86)%\WindowsPowerShell\Configuration\Registration\svhost.exe%TEMP%\networkservice.exe%WINDIR%\gdp32.exe%WINDIR%\imgsvc\imgsvc.exe%WINDIR%\lsasc.exe%WINDIR%\sysde32.exe%WINDIR%\System32\NetUpdService.exe%WINDIR%\system32\show.exe%WINDIR%\system32\wbem\123.bat%WINDIR%\System32\wmiex.exe%WINDIR%\sysve32.exe%WINDIR%\SysWoW64\NetUpdService.exe%WINDIR%\SysWOW64\wmiex.exe%WINDIR%\temp\bestfile1.exe%WINDIR%\Temp\y2b.exe%WINDIR%\winmds.exeHKEY..\..\..\..{RegistryKeys}SOFTWARE\MachinerSOFTWARE\MaxPlugs\EmmailSOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window UpdateSOFTWARE\Wow6432Node\MachinerSOFTWARE\WOW6432Node\MaxPlugs\EmmailSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window UpdateHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}eMail Extractor_is1Emoticons Mail_is1{88826714-E1D9-4D5C-9BB7-16DFA935C4C1}{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}
Additional Information
The following directories were created:
%ALLUSERSPROFILE%\gramblr%ALLUSERSPROFILE%\nirds%ALLUSERSPROFILE%\tlrzjcfpeq%ALLUSERSPROFILE%\yemjxjfcbj%APPDATA%\ww.fm%LOCALAPPDATA%\WServices%PROGRAMFILES%\Procedure%PROGRAMFILES%\Windows Utility Update%PROGRAMFILES%\eMail Extractor%PROGRAMFILES%\machinerdata%PROGRAMFILES(x86)%\Windows Utility Update%PROGRAMFILES(x86)%\machinerdata%TEMP%\HWMonitor%USERPROFILE%\SecurityHealthSystray%USERPROFILE%\cabapi%UserProfile%\AppXDeploymentServer%UserProfile%\wksprt
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.