Trojan-Dropper.Win32.Agent.bam
From Total Malware Info
A Trojan program that installs other programs without the user's approval. It is a dynamic-link library (PE DLL file), 76330 bytes in size [the sample I reversed], and is packed with UPX. The unpacked size is about 90-92 KB. It is written in Delphi.
Destructive activity
When started, the trojan extracts the following file from its own body [in the sample I reversed]:
- %Windir%\system32\servmswin.exe (52266 bytes, including a 42-byte overlay; detected by KAV as Trojan-Downloader.Win32.Delf.azq)
The trojan then writes the last 42 (2Ah) bytes of its own body to the end of this file and executes it with a parameter:
%Windir%\system32\servmswin.exe /i
Removal instructions
If your computer was not protected by anti-virus software and was infected by this malware, follow the instructions below to remove it manually:
- Using Task Manager, terminate the trojan process.
- Delete the original trojan file (its file name and location depend on how the trojan originally reached the target computer).
- Using Task Manager, terminate the process with the following name:
servmswin.exe
- Delete the following file:
%Windir%\system32\servmswin.exe
- Check your system for viruses using updated anti-virus definitions.





