Trojan-Downloader.Win32.Agent.ahoe
Posted: August 6, 2009
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 532 |
|---|---|
| Threat Level: | 8/10 |
| Infected PCs: | 1,189,883 |
| First Seen: | July 24, 2009 |
|---|---|
| Last Seen: | October 17, 2023 |
| OS(es) Affected: | Windows |
Trojan-Downloader.Win32.Agent.ahoe is a trojan virus that downloads malicious content from the Internet and executes them on the infected computer without your knowledge or consent. In order to ensure that Trojan-Downloader.Win32.Agent.ahoe is launched at the beginning of every Windows start-up phase, the parasite modifies the registry entries. Trojan-Downloader.Win32.Agent.ahoe is currently found as an infection detected by the rogue anti-spyware program called Windows Antivirus Pro.
Aliases
Downloader.Generic12.XJL [AVG]W32/Downloader_x.GCN!tr [Fortinet]TR/Agent.dpp.2 [AntiVir]HEUR:Trojan.Win32.Generic [Kaspersky]Win32.TRAgent.Dpp [eSafe]Win32:Agent-APGZ [Trj] [Avast]Generic.dx!bcx4 [McAfee]Trojan.SuspectCRC [Ikarus]Win-Clicker/Agent.499712 [AhnLab-V3]TR/Gendal.kdv.300198 [AntiVir]Trojan.DownLoader4.23247 [DrWeb]Trojan.Generic.KDV.300198 [BitDefender]Win32.WS.Reputation [eSafe]Artemis!764155503436 [McAfee]Trj/Downloader.QBT [Panda]
More aliases (1282)
More aliases (1282)
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%SYSTEMDRIVE%\Users\<username>\appdata\local\temp\is-6ks2l.tmp\tcharar.exe
File name: tcharar.exeSize: 992.09 KB (992091 bytes)
MD5: fb499993c46f50b75f102d5d59b61eb2
Detection count: 23,224
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\temp\is-6ks2l.tmp\tcharar.exe
Group: Malware file
Last Updated: September 12, 2023
C:\WINDOWS\SysWOW64\NetUpdService.exe
File name: NetUpdService.exeSize: 2.95 MB (2956288 bytes)
MD5: ac9fa3514f1313c92ae5a52938a50d9a
Detection count: 3,469
File type: Executable File
Mime Type: unknown/exe
Path: C:\WINDOWS\SysWOW64\NetUpdService.exe
Group: Malware file
Last Updated: September 18, 2023
%LOCALAPPDATA%\MFTCompilerData\CasPol.exe
File name: CasPol.exeSize: 190.46 KB (190464 bytes)
MD5: 41738da656e4210381b7c44fc9c577d6
Detection count: 126
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
%SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client.exe
File name: Client.exeSize: 58.88 KB (58880 bytes)
MD5: 1362cac64386ac917c3b91e29749740f
Detection count: 115
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client.exe
Group: Malware file
Last Updated: June 26, 2020
%SystemDrive%\Users\<username>\AppData\Local\MFTCompilerData\mscorsvcw.exe
File name: mscorsvcw.exeSize: 176.12 KB (176128 bytes)
MD5: 31fed0143ac4552b83c4686a05a46e98
Detection count: 110
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Users\<username>\AppData\Local\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
%LOCALAPPDATA%\MFTCompilerData\CasPol.exe
File name: CasPol.exeSize: 78.33 KB (78336 bytes)
MD5: bc34aa8b684fb32511fc1c60566de42c
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
%LOCALAPPDATA%\MFTCompilerData\CasPol.exe
File name: CasPol.exeSize: 115.2 KB (115200 bytes)
MD5: a7aaf4d9e10897faded9a4727a626900
Detection count: 63
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
C:\Program Files (x86)\Proxyfilter\Proxyfilter\digital1610_Good_11cr13.exe
File name: digital1610_Good_11cr13.exeSize: 667.64 KB (667648 bytes)
MD5: 35164e8135d144bf04395e62461d2a0e
Detection count: 47
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files (x86)\Proxyfilter\Proxyfilter
Group: Malware file
Last Updated: November 6, 2019
%LOCALAPPDATA%\MFTCompilerData\CasPol.exe
File name: CasPol.exeSize: 75.77 KB (75776 bytes)
MD5: 640c929f035640332df9e5fbd5a16feb
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
%LOCALAPPDATA%\MFTCompilerData\CasPol.exe
File name: CasPol.exeSize: 146.94 KB (146944 bytes)
MD5: 219756a0afb038f32ece0ba5d495be73
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
%LOCALAPPDATA%\MFTCompilerData\CasPol.exe
File name: CasPol.exeSize: 105.47 KB (105472 bytes)
MD5: afc950c9b2d2f7efafe4f2161bd77840
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
%LOCALAPPDATA%\MFTCompilerData\mscorsvcw.exe
File name: mscorsvcw.exeSize: 70.65 KB (70656 bytes)
MD5: 70d6f8cecf28290a4b574db5214a858a
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
C:\ProgramData\{X3UUG6E2-QB4Z-35Z0-KFUNRZT0Y84D}\AGSService.exe
File name: AGSService.exeMD5: 2d364060d6b042250a351507c0b6d556
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: C:\ProgramData\{X3UUG6E2-QB4Z-35Z0-KFUNRZT0Y84D}
Group: Malware file
Last Updated: October 17, 2018
%LOCALAPPDATA%\MFTCompilerData\CasPol.exe
File name: CasPol.exeSize: 157.69 KB (157696 bytes)
MD5: 21301e5e1e758807d881756c92450ed6
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
C:\Users\<username>\Desktop\WindowsDefenderUpdate.exe
File name: WindowsDefenderUpdate.exeSize: 325.63 KB (325632 bytes)
MD5: 844430aac97001ca90f1e319711ba820
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\Desktop
Group: Malware file
Last Updated: May 16, 2018
%WINDIR%\TEMP\g666.tmp.exe
File name: g666.tmp.exeSize: 239.1 KB (239104 bytes)
MD5: c7d0fd72924d39d78010aa13e5f1e3bf
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\TEMP
Group: Malware file
Last Updated: March 17, 2020
c:\Users\<username>\appdata\roaming\get.exe
File name: get.exeSize: 67.35 KB (67357 bytes)
MD5: cd49e0979be34d51eee3606438184f52
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: c:\Users\<username>\appdata\roaming
Group: Malware file
Last Updated: November 7, 2018
%LOCALAPPDATA%\MFTCompilerData\mscorsvcw.exe
File name: mscorsvcw.exeSize: 69.12 KB (69120 bytes)
MD5: 9469e6e01573dbef507c02d989d87994
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\MFTCompilerData
Group: Malware file
Last Updated: April 7, 2017
More files
Registry Modifications
The following newly produced Registry Values are:
File name without pathfja9sdfh.exehhb91hih.exej0192udlkhas.exepdqjw9d8as123hdk.exepqjw9d8123hk.exesvb98s12e.exesvb98s15e.exesvj9812e.exeRegexp file mask%ALLUSERSPROFILE%\FXGuard\fxnet.exe%APPDATA%\Alianz.exe%APPDATA%\fileSystem.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\directxwebpack.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\newcpuchecker.js%APPDATA%\syse.sys%APPDATA%\workk.exe%HOMEDRIVE%\ntldr~[RANDOM CHARACTERS]%HOMEDRIVE%\smartdata\bbaassd.exe%HOMEDRIVE%\smartdata\fasfd.exe%HOMEDRIVE%\SmartData\fhalslk.dll%HOMEDRIVE%\SmartData\performer.exe%HOMEDRIVE%\SmartData\servicer.exe%HOMEDRIVE%\SmartData\svchost_ms.exe%LOCALAPPDATA%\Audiodg\audiodgs.exe%LOCALAPPDATA%\bbuy.exe%LOCALAPPDATA%\Default Folder\server.exe%LOCALAPPDATA%\Microsoft\TaskPlay\caches.dat%LOCALAPPDATA%\VirtualStore\ntldr~[RANDOM CHARACTERS]%LOCALAPPDATA%\WServices\performer.exe%LOCALAPPDATA%\WServices\smaters.exe%LOCALAPPDATA%\WServices\svsmst.exe%Programfiles%\fuwu.exe%PROGRAMFILES%\WindowsPowerShell\Configuration\Registration\svhost.exe%PROGRAMFILES(x86)%\smartdata\asdd.exe%PROGRAMFILES(x86)%\smartdata\asdffdf.exe%PROGRAMFILES(x86)%\smartdata\bbaassd.exe%PROGRAMFILES(x86)%\smartdata\fasfd.exe%PROGRAMFILES(x86)%\smartdata\fsadfsadfsdf.exe%PROGRAMFILES(x86)%\smartdata\gagadsfgafg.exe%PROGRAMFILES(x86)%\SmartData\performer.exe%PROGRAMFILES(x86)%\smartdata\servicer.exe%PROGRAMFILES(x86)%\smartdata\svchost_ms.exe%PROGRAMFILES(x86)%\WindowsPowerShell\Configuration\Registration\svhost.exe%TEMP%\networkservice.exe%WINDIR%\gdp32.exe%WINDIR%\imgsvc\imgsvc.exe%WINDIR%\lsasc.exe%WINDIR%\sysde32.exe%WINDIR%\System32\NetUpdService.exe%WINDIR%\system32\show.exe%WINDIR%\system32\wbem\123.bat%WINDIR%\System32\wmiex.exe%WINDIR%\sysve32.exe%WINDIR%\SysWoW64\NetUpdService.exe%WINDIR%\SysWOW64\wmiex.exe%WINDIR%\temp\bestfile1.exe%WINDIR%\Temp\y2b.exe%WINDIR%\winmds.exeHKEY..\..\..\..{RegistryKeys}SOFTWARE\MachinerSOFTWARE\MaxPlugs\EmmailSOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window UpdateSOFTWARE\Wow6432Node\MachinerSOFTWARE\WOW6432Node\MaxPlugs\EmmailSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window UpdateHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}eMail Extractor_is1Emoticons Mail_is1{88826714-E1D9-4D5C-9BB7-16DFA935C4C1}{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}
File name without pathfja9sdfh.exehhb91hih.exej0192udlkhas.exepdqjw9d8as123hdk.exepqjw9d8123hk.exesvb98s12e.exesvb98s15e.exesvj9812e.exeRegexp file mask%ALLUSERSPROFILE%\FXGuard\fxnet.exe%APPDATA%\Alianz.exe%APPDATA%\fileSystem.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\directxwebpack.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\newcpuchecker.js%APPDATA%\syse.sys%APPDATA%\workk.exe%HOMEDRIVE%\ntldr~[RANDOM CHARACTERS]%HOMEDRIVE%\smartdata\bbaassd.exe%HOMEDRIVE%\smartdata\fasfd.exe%HOMEDRIVE%\SmartData\fhalslk.dll%HOMEDRIVE%\SmartData\performer.exe%HOMEDRIVE%\SmartData\servicer.exe%HOMEDRIVE%\SmartData\svchost_ms.exe%LOCALAPPDATA%\Audiodg\audiodgs.exe%LOCALAPPDATA%\bbuy.exe%LOCALAPPDATA%\Default Folder\server.exe%LOCALAPPDATA%\Microsoft\TaskPlay\caches.dat%LOCALAPPDATA%\VirtualStore\ntldr~[RANDOM CHARACTERS]%LOCALAPPDATA%\WServices\performer.exe%LOCALAPPDATA%\WServices\smaters.exe%LOCALAPPDATA%\WServices\svsmst.exe%Programfiles%\fuwu.exe%PROGRAMFILES%\WindowsPowerShell\Configuration\Registration\svhost.exe%PROGRAMFILES(x86)%\smartdata\asdd.exe%PROGRAMFILES(x86)%\smartdata\asdffdf.exe%PROGRAMFILES(x86)%\smartdata\bbaassd.exe%PROGRAMFILES(x86)%\smartdata\fasfd.exe%PROGRAMFILES(x86)%\smartdata\fsadfsadfsdf.exe%PROGRAMFILES(x86)%\smartdata\gagadsfgafg.exe%PROGRAMFILES(x86)%\SmartData\performer.exe%PROGRAMFILES(x86)%\smartdata\servicer.exe%PROGRAMFILES(x86)%\smartdata\svchost_ms.exe%PROGRAMFILES(x86)%\WindowsPowerShell\Configuration\Registration\svhost.exe%TEMP%\networkservice.exe%WINDIR%\gdp32.exe%WINDIR%\imgsvc\imgsvc.exe%WINDIR%\lsasc.exe%WINDIR%\sysde32.exe%WINDIR%\System32\NetUpdService.exe%WINDIR%\system32\show.exe%WINDIR%\system32\wbem\123.bat%WINDIR%\System32\wmiex.exe%WINDIR%\sysve32.exe%WINDIR%\SysWoW64\NetUpdService.exe%WINDIR%\SysWOW64\wmiex.exe%WINDIR%\temp\bestfile1.exe%WINDIR%\Temp\y2b.exe%WINDIR%\winmds.exeHKEY..\..\..\..{RegistryKeys}SOFTWARE\MachinerSOFTWARE\MaxPlugs\EmmailSOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window UpdateSOFTWARE\Wow6432Node\MachinerSOFTWARE\WOW6432Node\MaxPlugs\EmmailSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window UpdateHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}eMail Extractor_is1Emoticons Mail_is1{88826714-E1D9-4D5C-9BB7-16DFA935C4C1}{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}
Additional Information
The following directories were created:
%ALLUSERSPROFILE%\gramblr%ALLUSERSPROFILE%\nirds%ALLUSERSPROFILE%\tlrzjcfpeq%ALLUSERSPROFILE%\yemjxjfcbj%APPDATA%\ww.fm%LOCALAPPDATA%\WServices%PROGRAMFILES%\Procedure%PROGRAMFILES%\Windows Utility Update%PROGRAMFILES%\eMail Extractor%PROGRAMFILES%\machinerdata%PROGRAMFILES(x86)%\Windows Utility Update%PROGRAMFILES(x86)%\machinerdata%TEMP%\HWMonitor%USERPROFILE%\SecurityHealthSystray%USERPROFILE%\cabapi%UserProfile%\AppXDeploymentServer%UserProfile%\wksprt
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.