
Troj/Agent-OVJ

By Domesticus in Trojans

Troj/Agent-OVJ is the final component of a multi-stage malware attack that begins with a malicious HLP file designed to install a dangerous executable on the victim's computer. HLP files are Windows Help files and are traditionally regarded as safe; however, criminals can use these files to drop malware on a computer. An example of this was first detected in August of 2012: an attack using a malicious HLP file aimed at Italian-speaking victims. Named Amministrazione.hlp ('Amministrazione' is the Italian word for 'Administration'), the file relies on social engineering to convince computer users to open it, which starts the process that ends with the installation of the Troj/Agent-OVJ Trojan.

Once this malicious Windows Help file is opened, it forces the affected computer to display an error message containing the following text:

Help could not read the current Help file.
Make sure there are no errors on the disk, or if the file is on a network drive, that the server is active. (163)

This error message exists to mislead the victim, distracting their attention while an executable file is dropped in the background. This malicious executable, named Windows Security Center.exe, is designed to install Troj/Agent-OVJ on the victim's computer. Troj/Agent-OVJ is a component of the infamous DarkShell Trojan and takes the form of a malicious DLL file containing a highly effective keylogger. Once installed, Troj/Agent-OVJ monitors all activity on the infected computer, storing every keystroke in a file and singling out sensitive data such as email passwords and online banking credentials.

The Consequences of a Troj/Agent-OVJ Attack

The main goal of Troj/Agent-OVJ is to log all keystrokes on the infected computer's keyboard and store this information in a file named UserData.dat. At set intervals, Troj/Agent-OVJ attempts to transmit this information to a third party, uploading it to the domain images.zyns.com. Malware researchers have associated this domain with various dangerous malware attacks. To avoid Troj/Agent-OVJ infections, ESG security researchers strongly advise computer users to exercise care when handling HLP files: although this extension is associated with Windows Help files, not all HLP files are safe for your machine. If you suspect you have been exposed to Troj/Agent-OVJ, ESG security researchers advise restarting your PC in Safe Mode and using a trustworthy anti-malware program to scan your hard drives for possible malware threats.

File System Details

Troj/Agent-OVJ may create the following file(s):

1. RECYCLER.DLL
2. Windows Security Center.exe
3. \Documents and Settings\username\Local Settings\Application Data\UserData.dat
4. Amministrazione.hlp
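As an added example (not part of the original advisory), the following Python triage routine checks constructed endpoint telemetry for the chain described above: a .hlp file being opened, Windows Security Center.exe being written and then launched by that process, UserData.dat being created, and a DNS lookup of images.zyns.com. The event line format, the user name and the winhlp32.exe parent process are assumptions made for the sample, not facts stated in the advisory.

```python
import ntpath

# Indicators taken from the advisory: files the dropper chain creates and the upload domain.
DROPPED_FILES = {"windows security center.exe", "recycler.dll", "userdata.dat"}
EXFIL_DOMAIN = "images.zyns.com"

# Constructed sample telemetry (not a real product's format): one event per line, fields as
# key=value separated by '|'. pid 1201 is the assumed help viewer (winhlp32.exe) opening the lure.
SAMPLE_EVENTS = r"""process|pid=1201|ppid=900|image=C:\WINDOWS\winhlp32.exe|cmdline=winhlp32.exe Amministrazione.hlp
file_create|pid=1201|path=C:\Documents and Settings\mario\Local Settings\Temp\Windows Security Center.exe
process|pid=1340|ppid=1201|image=C:\Documents and Settings\mario\Local Settings\Temp\Windows Security Center.exe
file_create|pid=1340|path=C:\Documents and Settings\mario\Local Settings\Application Data\UserData.dat
dns|pid=1340|query=images.zyns.com
process|pid=1500|ppid=900|image=C:\WINDOWS\notepad.exe|cmdline=notepad.exe readme.txt
dns|pid=1500|query=www.example.com
"""

def parse_event(line):
    """Split 'type|k=v|k=v' into a dict; the first field becomes 'type'."""
    parts = line.strip().split("|")
    event = {"type": parts[0]}
    for field in parts[1:]:
        key, _, value = field.partition("=")
        event[key] = value
    return event

def triage(log_text):
    """Return (pid, rule) findings for the HLP -> dropper -> keylogger -> upload chain, in log order."""
    findings = []
    hlp_pids = set()  # processes whose command line names a .hlp file
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        pid = ev.get("pid", "?")
        if ev["type"] == "process":
            if ".hlp" in ev.get("cmdline", "").lower():
                hlp_pids.add(pid)
            image = ntpath.basename(ev.get("image", "")).lower()
            # The dropper is only flagged here when its parent is a process that opened a help file.
            if image == "windows security center.exe" and ev.get("ppid") in hlp_pids:
                findings.append((pid, "hlp_spawned_dropper"))
        elif ev["type"] == "file_create":
            if ntpath.basename(ev.get("path", "")).lower() in DROPPED_FILES:
                findings.append((pid, "ioc_file_created"))
        elif ev["type"] == "dns" and ev.get("query", "").lower() == EXFIL_DOMAIN:
            findings.append((pid, "exfil_domain_lookup"))
    return findings
```

Running triage(SAMPLE_EVENTS) links the three later findings to the same pid, which is what distinguishes this chain from a stray file name match.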
