W32/Agent.ULL

Download VIRUSfighter NOW
W32/Agent.ULL Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 3/10/2006 • Type: Trojan
• Virus characteristics first published: 3/10/2006 • Spreading mechanism:
• Virus characteristics latest update: 6/15/2006 • Overall risk: Medium
• Alias: Trojan-Dropper.Win32.Agent.yf • Payload: Installs other malware utilities as well as child pornography.
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal

The trojan does not spread by itself.  It is likely that it has been manually distributed in fora where people would download and run it - f.ex. in file sharing networks.

File system changes:

\\TEMP\\childporn.wmv.      
\\win32.exe.      
\\msits.exe.      
\\cmd32.exe
loadadv713.exe. 
\\kernels64.exe                                

The files installed are:

win32.exe, kernels64.exe : Installers for Tibs, BraveSentry and other malware. Tibs is a downloader for pornographic adware, BraveSentry is a scam-based "AntiSpyware" utility.
msits.exe, cmd32.exe : Downloads SpySheriff and other downloaders. SpySheriff is another scam-based "AntiSpyware" utility.
loadadv713.exe : Another downloader

This is a quite common scenario - downloaders that download more downloaders which download more downloaders - it goes on and on.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter