Trojan-Downloader.Win32.Agent.ahoe

By GoldSparrow in Trojans

Translate To:

Threat Scorecard

Ranking:	726
Threat Level:	80 % (High)
Infected Computers:	509,488

First Seen:	July 24, 2009
Last Seen:	February 19, 2024
OS(es) Affected:	Windows

Trojan-Downloader.Win32.Agent.ahoe is a trojan horse virus that typically infiltrates the computer from rogue websites or through file sharing programs. Trojan-Downloader.Win32.Agent.ahoe downloads malicious content from the Internet and executes them on the compromised machine without user knowledge or approval. Trojan-Downloader.Win32.Agent.ahoe creates its own registry entry to ensure that it begin running every time Windows starts up. Trojan-Downloader.Win32.Agent.ahoe typically appears listed in the scan results of the rogue anti-spyware program Windows Antivirus Pro.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
AVG	Downloader.Generic12.XJL
Fortinet	W32/Downloader_x.GCN!tr
AntiVir	TR/Agent.dpp.2
Kaspersky	HEUR:Trojan.Win32.Generic
eSafe	Win32.TRAgent.Dpp
Avast	Win32:Agent-APGZ [Trj]
McAfee	Generic.dx!bcx4
Ikarus	Trojan.SuspectCRC
AhnLab-V3	Win-Clicker/Agent.499712
AntiVir	TR/Gendal.kdv.300198
DrWeb	Trojan.DownLoader4.23247
BitDefender	Trojan.Generic.KDV.300198
eSafe	Win32.WS.Reputation
McAfee	Artemis!764155503436
Panda	Trj/Downloader.QBT

SpyHunter Detects & Remove Trojan-Downloader.Win32.Agent.ahoe

File System Details

Trojan-Downloader.Win32.Agent.ahoe may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	tcharar.exe	fb499993c46f50b75f102d5d59b61eb2	9,924
Name: tcharar.exe MD5: fb499993c46f50b75f102d5d59b61eb2 Size: 992.09 KB (992091 bytes) Detections: 9,924 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\temp\is-6ks2l.tmp\tcharar.exe Group: Malware file Last Updated: September 12, 2023
2.	NetUpdService.exe	ac9fa3514f1313c92ae5a52938a50d9a	1,481
Name: NetUpdService.exe MD5: ac9fa3514f1313c92ae5a52938a50d9a Size: 2.95 MB (2956288 bytes) Detections: 1,481 Type: Executable File Path: C:\WINDOWS\SysWOW64\NetUpdService.exe Group: Malware file Last Updated: September 18, 2023
3.	lsmsrv.exe	b262a3f123fc2ad625654813cf3c3734	84
Name: lsmsrv.exe MD5: b262a3f123fc2ad625654813cf3c3734 Size: 6.14 KB (6144 bytes) Detections: 84 Type: Executable File Path: C:\WINDOWS Group: Malware file Last Updated: September 5, 2018
4.	CasPol.exe	41738da656e4210381b7c44fc9c577d6	54
Name: CasPol.exe MD5: 41738da656e4210381b7c44fc9c577d6 Size: 190.46 KB (190464 bytes) Detections: 54 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
5.	Client.exe	1362cac64386ac917c3b91e29749740f	49
Name: Client.exe MD5: 1362cac64386ac917c3b91e29749740f Size: 58.88 KB (58880 bytes) Detections: 49 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client.exe Group: Malware file Last Updated: June 26, 2020
6.	mscorsvcw.exe	31fed0143ac4552b83c4686a05a46e98	47
Name: mscorsvcw.exe MD5: 31fed0143ac4552b83c4686a05a46e98 Size: 176.12 KB (176128 bytes) Detections: 47 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Local\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
7.	digital1610_Good_11cr13.exe	35164e8135d144bf04395e62461d2a0e	20
Name: digital1610_Good_11cr13.exe MD5: 35164e8135d144bf04395e62461d2a0e Size: 667.64 KB (667648 bytes) Detections: 20 Type: Executable File Path: C:\Program Files (x86)\Proxyfilter\Proxyfilter Group: Malware file Last Updated: November 6, 2019
8.	CasPol.exe	640c929f035640332df9e5fbd5a16feb	19
Name: CasPol.exe MD5: 640c929f035640332df9e5fbd5a16feb Size: 75.77 KB (75776 bytes) Detections: 19 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
9.	CasPol.exe	43435a9ee3da7c5cba4838a9282edb2c	15
Name: CasPol.exe MD5: 43435a9ee3da7c5cba4838a9282edb2c Size: 78.33 KB (78336 bytes) Detections: 15 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
10.	CasPol.exe	219756a0afb038f32ece0ba5d495be73	15
Name: CasPol.exe MD5: 219756a0afb038f32ece0ba5d495be73 Size: 146.94 KB (146944 bytes) Detections: 15 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
11.	mscorsvcw.exe	860a6d17959203f41a2ca6226270516c	15
Name: mscorsvcw.exe MD5: 860a6d17959203f41a2ca6226270516c Size: 77.31 KB (77312 bytes) Detections: 15 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
12.	CasPol.exe	afc950c9b2d2f7efafe4f2161bd77840	10
Name: CasPol.exe MD5: afc950c9b2d2f7efafe4f2161bd77840 Size: 105.47 KB (105472 bytes) Detections: 10 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
13.	mscorsvcw.exe	70d6f8cecf28290a4b574db5214a858a	9
Name: mscorsvcw.exe MD5: 70d6f8cecf28290a4b574db5214a858a Size: 70.65 KB (70656 bytes) Detections: 9 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
14.	AGSService.exe	2d364060d6b042250a351507c0b6d556	9
Name: AGSService.exe MD5: 2d364060d6b042250a351507c0b6d556 Detections: 9 Type: Executable File Path: C:\ProgramData\{X3UUG6E2-QB4Z-35Z0-KFUNRZT0Y84D} Group: Malware file Last Updated: October 17, 2018
15.	CasPol.exe	21301e5e1e758807d881756c92450ed6	7
Name: CasPol.exe MD5: 21301e5e1e758807d881756c92450ed6 Size: 157.69 KB (157696 bytes) Detections: 7 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
16.	mscorsvcw.exe	97b59094496145dadf4acdf758d69eb6	7
Name: mscorsvcw.exe MD5: 97b59094496145dadf4acdf758d69eb6 Size: 153.08 KB (153088 bytes) Detections: 7 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
17.	WindowsDefenderUpdate.exe	844430aac97001ca90f1e319711ba820	5
Name: WindowsDefenderUpdate.exe MD5: 844430aac97001ca90f1e319711ba820 Size: 325.63 KB (325632 bytes) Detections: 5 Type: Executable File Path: C:\Users\<username>\Desktop Group: Malware file Last Updated: May 16, 2018
18.	g666.tmp.exe	c7d0fd72924d39d78010aa13e5f1e3bf	4
Name: g666.tmp.exe MD5: c7d0fd72924d39d78010aa13e5f1e3bf Size: 239.1 KB (239104 bytes) Detections: 4 Type: Executable File Path: %WINDIR%\TEMP Group: Malware file Last Updated: March 17, 2020
19.	get.exe	cd49e0979be34d51eee3606438184f52	4
Name: get.exe MD5: cd49e0979be34d51eee3606438184f52 Size: 67.35 KB (67357 bytes) Detections: 4 Type: Executable File Path: c:\Users\<username>\appdata\roaming Group: Malware file Last Updated: November 7, 2018
20.	mscorsvcw.exe	9469e6e01573dbef507c02d989d87994	3
Name: mscorsvcw.exe MD5: 9469e6e01573dbef507c02d989d87994 Size: 69.12 KB (69120 bytes) Detections: 3 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
21.	file.exe	6a09b6a18efde73709d8caad4fb819ef	2
Name: file.exe MD5: 6a09b6a18efde73709d8caad4fb819ef Size: 225.7 KB (225704 bytes) Detections: 2 Type: Executable File Path: C:\ProgramData\ShellTasks Group: Malware file Last Updated: April 23, 2018
22.	mscorsvcw.exe	824cdb00c937a718eaf92abb3912e4fd	1
Name: mscorsvcw.exe MD5: 824cdb00c937a718eaf92abb3912e4fd Size: 68.12 KB (68120 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
23.	CasPol.exe	6bdd03bca85069c0f8c034a37d2e1be0	1
Name: CasPol.exe MD5: 6bdd03bca85069c0f8c034a37d2e1be0 Size: 76.8 KB (76800 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
24.	CasPol.exe	bc34aa8b684fb32511fc1c60566de42c	1
Name: CasPol.exe MD5: bc34aa8b684fb32511fc1c60566de42c Size: 78.33 KB (78336 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
25.	CasPol.exe	a7aaf4d9e10897faded9a4727a626900	1
Name: CasPol.exe MD5: a7aaf4d9e10897faded9a4727a626900 Size: 115.2 KB (115200 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData Group: Malware file Last Updated: April 7, 2017
26.	file.exe	865cd7bf0e4612204bfaff0e11bfd166	0
Name: file.exe MD5: 865cd7bf0e4612204bfaff0e11bfd166 Size: 56.83 KB (56832 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Registry Details

Trojan-Downloader.Win32.Agent.ahoe may create the following registry entry or registry entries:

File name without path

fja9sdfh.exe

hhb91hih.exe

j0192udlkhas.exe

pdqjw9d8as123hdk.exe

pqjw9d8123hk.exe

svb98s12e.exe

svb98s15e.exe

svj9812e.exe

Regexp file mask

%ALLUSERSPROFILE%\FXGuard\fxnet.exe

%APPDATA%\Alianz.exe

%APPDATA%\fileSystem.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\directxwebpack.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\newcpuchecker.js

%APPDATA%\syse.sys

%APPDATA%\workk.exe

%HOMEDRIVE%\ntldr~[RANDOM CHARACTERS]

%HOMEDRIVE%\smartdata\bbaassd.exe

%HOMEDRIVE%\smartdata\fasfd.exe

%HOMEDRIVE%\SmartData\fhalslk.dll

%HOMEDRIVE%\SmartData\performer.exe

%HOMEDRIVE%\SmartData\servicer.exe

%HOMEDRIVE%\SmartData\svchost_ms.exe

%LOCALAPPDATA%\Audiodg\audiodgs.exe

%LOCALAPPDATA%\bbuy.exe

%LOCALAPPDATA%\Default Folder\server.exe

%LOCALAPPDATA%\Microsoft\TaskPlay\caches.dat

%LOCALAPPDATA%\VirtualStore\ntldr~[RANDOM CHARACTERS]

%LOCALAPPDATA%\WServices\performer.exe

%LOCALAPPDATA%\WServices\smaters.exe

%LOCALAPPDATA%\WServices\svsmst.exe

%Programfiles%\fuwu.exe

%PROGRAMFILES%\WindowsPowerShell\Configuration\Registration\svhost.exe

%PROGRAMFILES(x86)%\smartdata\asdd.exe

%PROGRAMFILES(x86)%\smartdata\asdffdf.exe

%PROGRAMFILES(x86)%\smartdata\bbaassd.exe

%PROGRAMFILES(x86)%\smartdata\fasfd.exe

%PROGRAMFILES(x86)%\smartdata\fsadfsadfsdf.exe

%PROGRAMFILES(x86)%\smartdata\gagadsfgafg.exe

%PROGRAMFILES(x86)%\SmartData\performer.exe

%PROGRAMFILES(x86)%\smartdata\servicer.exe

%PROGRAMFILES(x86)%\smartdata\svchost_ms.exe

%PROGRAMFILES(x86)%\WindowsPowerShell\Configuration\Registration\svhost.exe

%TEMP%\networkservice.exe

%WINDIR%\gdp32.exe

%WINDIR%\imgsvc\imgsvc.exe

%WINDIR%\lsasc.exe

%WINDIR%\sysde32.exe

%WINDIR%\System32\NetUpdService.exe

%WINDIR%\system32\show.exe

%WINDIR%\system32\wbem\123.bat

%WINDIR%\System32\wmiex.exe

%WINDIR%\sysve32.exe

%WINDIR%\SysWoW64\NetUpdService.exe

%WINDIR%\SysWOW64\wmiex.exe

%WINDIR%\temp\bestfile1.exe

%WINDIR%\Temp\y2b.exe

%WINDIR%\winmds.exe

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Machiner

SOFTWARE\MaxPlugs\Emmail

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window Update

SOFTWARE\Wow6432Node\Machiner

SOFTWARE\WOW6432Node\MaxPlugs\Emmail

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

eMail Extractor_is1

Emoticons Mail_is1

{88826714-E1D9-4D5C-9BB7-16DFA935C4C1}

{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}

Directories

Trojan-Downloader.Win32.Agent.ahoe may create the following directory or directories:

%ALLUSERSPROFILE%\gramblr

%ALLUSERSPROFILE%\nirds

%ALLUSERSPROFILE%\tlrzjcfpeq

%ALLUSERSPROFILE%\yemjxjfcbj

%APPDATA%\ww.fm

%LOCALAPPDATA%\WServices

%PROGRAMFILES%\Procedure

%PROGRAMFILES%\Windows Utility Update

%PROGRAMFILES%\eMail Extractor

%PROGRAMFILES%\machinerdata

%PROGRAMFILES(x86)%\Windows Utility Update

%PROGRAMFILES(x86)%\machinerdata

%TEMP%\HWMonitor

%USERPROFILE%\SecurityHealthSystray

%USERPROFILE%\cabapi

%UserProfile%\AppXDeploymentServer

%UserProfile%\wksprt

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan-Downloader.Win32.Agent.ahoe

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Trojan-Downloader.Win32.Agent.ahoe

File System Details

Registry Details

Directories

Submit Comment

Trending

MIRROR Ransomware

Jastugoa.top

'Have You Heard About Pegasus?' Email Scam

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?