TSPY_AGENT.AAVG

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TSPY_AGENT.AAVG

Overview

Solution

Technical Details

QUICK LINKS	Download the latest scan engine

Type: Spyware

In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:		Low

Reported detections:		Low
System impact:		High
Information exposure:		High

Description:

To get a one-glance comprehensive view of the behavior of this spyware, refer to the Behavior Diagram shown below.

TSPY_AGENT.AAVG Behavior Diagram

Spyware Overview

This spyware arrives on a system as a file dropped by JS_HACK.AG.

Upon execution, it drops several files, one of which is detected by Trend Micro as TSPY_AGENT.QSC.

The dropped component files are used by this spyware to log, and save information in created files. This spyware then sends the said information to a certain URL.

This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.

Furthermore, this spyware connects to a certain URL to download a certain file. As a result, the routines of the downloaded file are exhibited on the affected system. However, as of this writing, the said URL is inaccessible.

For additional information about this threat, see:
Solution
Technical Details

Tell us how we did. Take our quick survey.