Trojan-Downloader.VBS.Agent

Trojan-Downloader.VBS.Agent Description

Type: Trojan

Trojan-Downloader.VBS.Agent is a computer threat that can download malicious files over the internet and execute them on a victim's computer. Trojan-Downloader.VBS.Agent may surreptitiously infiltrate a user's system via contaminated e-mail attachments or links. Trojan-Downloader.VBS.Agent may also disrupt the normal operation of your computer system.

Technical Information

File System Details

Trojan-Downloader.VBS.Agent creates the following file(s):

Registry Details

Trojan-Downloader.VBS.Agent creates the following registry entry or registry entries:
Registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[filename of the sample #3 without extension].MyNSHandler\Clsid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[filename of the sample #3 without extension].MyNSHandler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\LocalServer32]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}]

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken or confused as being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.