Trojan-Downloader.Win32.Agent.ahoe

By GoldSparrow in Trojans

Translate To:

Threat Scorecard

Ranking:	477
Threat Level:	80 % (High)
Infected Computers:	505,914

First Seen:	July 24, 2009
Last Seen:	May 30, 2023
OS(es) Affected:	Windows

Trojan-Downloader.Win32.Agent.ahoe is a trojan horse virus that typically infiltrates the computer from rogue websites or through file sharing programs. Trojan-Downloader.Win32.Agent.ahoe downloads malicious content from the Internet and executes them on the compromised machine without user knowledge or approval. Trojan-Downloader.Win32.Agent.ahoe creates its own registry entry to ensure that it begin running every time Windows starts up. Trojan-Downloader.Win32.Agent.ahoe typically appears listed in the scan results of the rogue anti-spyware program Windows Antivirus Pro.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
AVG	Downloader.Generic12.XJL
Fortinet	W32/Downloader_x.GCN!tr
AntiVir	TR/Agent.dpp.2
Kaspersky	HEUR:Trojan.Win32.Generic
eSafe	Win32.TRAgent.Dpp
Avast	Win32:Agent-APGZ [Trj]
McAfee	Generic.dx!bcx4
Ikarus	Trojan.SuspectCRC
AhnLab-V3	Win-Clicker/Agent.499712
AntiVir	TR/Gendal.kdv.300198
DrWeb	Trojan.DownLoader4.23247
BitDefender	Trojan.Generic.KDV.300198
eSafe	Win32.WS.Reputation
McAfee	Artemis!764155503436
Panda	Trj/Downloader.QBT

SpyHunter Detects & Remove Trojan-Downloader.Win32.Agent.ahoe

File System Details

Trojan-Downloader.Win32.Agent.ahoe may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	tcharar.exe	fb499993c46f50b75f102d5d59b61eb2	9,913
Name: tcharar.exe MD5: fb499993c46f50b75f102d5d59b61eb2 Size: 992.09 KB (992091 bytes) Detections: 9913 Type: Executable File Path: %SYSTEMDRIVE%\users\admin\appdata\local\temp\is-6ks2l.tmp\tcharar.exe\ Group: Malware file Last Updated: August 12, 2022
2.	NetUpdService.exe	ac9fa3514f1313c92ae5a52938a50d9a	1,480
Name: NetUpdService.exe MD5: ac9fa3514f1313c92ae5a52938a50d9a Size: 2.95 MB (2956288 bytes) Detections: 1480 Type: Executable File Path: C:\WINDOWS\SysWOW64\NetUpdService.exe\ Group: Malware file Last Updated: February 11, 2023
3.	lsmsrv.exe	b262a3f123fc2ad625654813cf3c3734	84
Name: lsmsrv.exe MD5: b262a3f123fc2ad625654813cf3c3734 Size: 6.14 KB (6144 bytes) Detections: 84 Type: Executable File Path: C:\WINDOWS\ Group: Malware file Last Updated: September 5, 2018
4.	CasPol.exe	41738da656e4210381b7c44fc9c577d6	54
Name: CasPol.exe MD5: 41738da656e4210381b7c44fc9c577d6 Size: 190.46 KB (190464 bytes) Detections: 54 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
5.	Client.exe	1362cac64386ac917c3b91e29749740f	49
Name: Client.exe MD5: 1362cac64386ac917c3b91e29749740f Size: 58.88 KB (58880 bytes) Detections: 49 Type: Executable File Path: %SYSTEMDRIVE%\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client.exe\ Group: Malware file Last Updated: June 26, 2020
6.	mscorsvcw.exe	31fed0143ac4552b83c4686a05a46e98	47
Name: mscorsvcw.exe MD5: 31fed0143ac4552b83c4686a05a46e98 Size: 176.12 KB (176128 bytes) Detections: 47 Type: Executable File Path: %SystemDrive%\Users\alagu\AppData\Local\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
7.	digital1610_Good_11cr13.exe	35164e8135d144bf04395e62461d2a0e	20
Name: digital1610_Good_11cr13.exe MD5: 35164e8135d144bf04395e62461d2a0e Size: 667.64 KB (667648 bytes) Detections: 20 Type: Executable File Path: C:\Program Files (x86)\Proxyfilter\Proxyfilter\ Group: Malware file Last Updated: November 6, 2019
8.	CasPol.exe	640c929f035640332df9e5fbd5a16feb	19
Name: CasPol.exe MD5: 640c929f035640332df9e5fbd5a16feb Size: 75.77 KB (75776 bytes) Detections: 19 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
9.	CasPol.exe	43435a9ee3da7c5cba4838a9282edb2c	15
Name: CasPol.exe MD5: 43435a9ee3da7c5cba4838a9282edb2c Size: 78.33 KB (78336 bytes) Detections: 15 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
10.	CasPol.exe	219756a0afb038f32ece0ba5d495be73	15
Name: CasPol.exe MD5: 219756a0afb038f32ece0ba5d495be73 Size: 146.94 KB (146944 bytes) Detections: 15 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
11.	mscorsvcw.exe	860a6d17959203f41a2ca6226270516c	15
Name: mscorsvcw.exe MD5: 860a6d17959203f41a2ca6226270516c Size: 77.31 KB (77312 bytes) Detections: 15 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
12.	CasPol.exe	afc950c9b2d2f7efafe4f2161bd77840	10
Name: CasPol.exe MD5: afc950c9b2d2f7efafe4f2161bd77840 Size: 105.47 KB (105472 bytes) Detections: 10 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
13.	mscorsvcw.exe	70d6f8cecf28290a4b574db5214a858a	9
Name: mscorsvcw.exe MD5: 70d6f8cecf28290a4b574db5214a858a Size: 70.65 KB (70656 bytes) Detections: 9 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
14.	AGSService.exe	2d364060d6b042250a351507c0b6d556	9
Name: AGSService.exe MD5: 2d364060d6b042250a351507c0b6d556 Detections: 9 Type: Executable File Path: C:\ProgramData\{X3UUG6E2-QB4Z-35Z0-KFUNRZT0Y84D}\ Group: Malware file Last Updated: October 17, 2018
15.	CasPol.exe	21301e5e1e758807d881756c92450ed6	7
Name: CasPol.exe MD5: 21301e5e1e758807d881756c92450ed6 Size: 157.69 KB (157696 bytes) Detections: 7 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
16.	mscorsvcw.exe	97b59094496145dadf4acdf758d69eb6	7
Name: mscorsvcw.exe MD5: 97b59094496145dadf4acdf758d69eb6 Size: 153.08 KB (153088 bytes) Detections: 7 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
17.	WindowsDefenderUpdate.exe	844430aac97001ca90f1e319711ba820	5
Name: WindowsDefenderUpdate.exe MD5: 844430aac97001ca90f1e319711ba820 Size: 325.63 KB (325632 bytes) Detections: 5 Type: Executable File Path: C:\Users\user\Desktop\ Group: Malware file Last Updated: May 16, 2018
18.	g666.tmp.exe	c7d0fd72924d39d78010aa13e5f1e3bf	4
Name: g666.tmp.exe MD5: c7d0fd72924d39d78010aa13e5f1e3bf Size: 239.1 KB (239104 bytes) Detections: 4 Type: Executable File Path: %WINDIR%\TEMP\ Group: Malware file Last Updated: March 17, 2020
19.	get.exe	cd49e0979be34d51eee3606438184f52	4
Name: get.exe MD5: cd49e0979be34d51eee3606438184f52 Size: 67.35 KB (67357 bytes) Detections: 4 Type: Executable File Path: c:\users\micro\appdata\roaming\ Group: Malware file Last Updated: November 7, 2018
20.	mscorsvcw.exe	9469e6e01573dbef507c02d989d87994	3
Name: mscorsvcw.exe MD5: 9469e6e01573dbef507c02d989d87994 Size: 69.12 KB (69120 bytes) Detections: 3 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
21.	file.exe	6a09b6a18efde73709d8caad4fb819ef	2
Name: file.exe MD5: 6a09b6a18efde73709d8caad4fb819ef Size: 225.7 KB (225704 bytes) Detections: 2 Type: Executable File Path: C:\ProgramData\ShellTasks\ Group: Malware file Last Updated: April 23, 2018
22.	mscorsvcw.exe	824cdb00c937a718eaf92abb3912e4fd	1
Name: mscorsvcw.exe MD5: 824cdb00c937a718eaf92abb3912e4fd Size: 68.12 KB (68120 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
23.	CasPol.exe	6bdd03bca85069c0f8c034a37d2e1be0	1
Name: CasPol.exe MD5: 6bdd03bca85069c0f8c034a37d2e1be0 Size: 76.8 KB (76800 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
24.	CasPol.exe	bc34aa8b684fb32511fc1c60566de42c	1
Name: CasPol.exe MD5: bc34aa8b684fb32511fc1c60566de42c Size: 78.33 KB (78336 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
25.	CasPol.exe	a7aaf4d9e10897faded9a4727a626900	1
Name: CasPol.exe MD5: a7aaf4d9e10897faded9a4727a626900 Size: 115.2 KB (115200 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\MFTCompilerData\ Group: Malware file Last Updated: April 7, 2017
26.	file.exe	865cd7bf0e4612204bfaff0e11bfd166	0
Name: file.exe MD5: 865cd7bf0e4612204bfaff0e11bfd166 Size: 56.83 KB (56832 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Registry Details

Trojan-Downloader.Win32.Agent.ahoe may create the following registry entry or registry entries:

File name without path

fja9sdfh.exe

hhb91hih.exe

j0192udlkhas.exe

pdqjw9d8as123hdk.exe

pqjw9d8123hk.exe

svb98s12e.exe

svb98s15e.exe

svj9812e.exe

Regexp file mask

%ALLUSERSPROFILE%\FXGuard\fxnet.exe

%APPDATA%\Alianz.exe

%APPDATA%\fileSystem.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\directxwebpack.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\newcpuchecker.js

%APPDATA%\syse.sys

%APPDATA%\workk.exe

%HOMEDRIVE%\ntldr~[RANDOM CHARACTERS]

%HOMEDRIVE%\smartdata\bbaassd.exe

%HOMEDRIVE%\smartdata\fasfd.exe

%HOMEDRIVE%\SmartData\fhalslk.dll

%HOMEDRIVE%\SmartData\performer.exe

%HOMEDRIVE%\SmartData\servicer.exe

%HOMEDRIVE%\SmartData\svchost_ms.exe

%LOCALAPPDATA%\Audiodg\audiodgs.exe

%LOCALAPPDATA%\bbuy.exe

%LOCALAPPDATA%\Default Folder\server.exe

%LOCALAPPDATA%\Microsoft\TaskPlay\caches.dat

%LOCALAPPDATA%\VirtualStore\ntldr~[RANDOM CHARACTERS]

%LOCALAPPDATA%\WServices\performer.exe

%LOCALAPPDATA%\WServices\smaters.exe

%LOCALAPPDATA%\WServices\svsmst.exe

%Programfiles%\fuwu.exe

%PROGRAMFILES%\WindowsPowerShell\Configuration\Registration\svhost.exe

%PROGRAMFILES(x86)%\smartdata\asdd.exe

%PROGRAMFILES(x86)%\smartdata\asdffdf.exe

%PROGRAMFILES(x86)%\smartdata\bbaassd.exe

%PROGRAMFILES(x86)%\smartdata\fasfd.exe

%PROGRAMFILES(x86)%\smartdata\fsadfsadfsdf.exe

%PROGRAMFILES(x86)%\smartdata\gagadsfgafg.exe

%PROGRAMFILES(x86)%\SmartData\performer.exe

%PROGRAMFILES(x86)%\smartdata\servicer.exe

%PROGRAMFILES(x86)%\smartdata\svchost_ms.exe

%PROGRAMFILES(x86)%\WindowsPowerShell\Configuration\Registration\svhost.exe

%TEMP%\networkservice.exe

%WINDIR%\gdp32.exe

%WINDIR%\imgsvc\imgsvc.exe

%WINDIR%\lsasc.exe

%WINDIR%\sysde32.exe

%WINDIR%\System32\NetUpdService.exe

%WINDIR%\system32\show.exe

%WINDIR%\system32\wbem\123.bat

%WINDIR%\System32\wmiex.exe

%WINDIR%\sysve32.exe

%WINDIR%\SysWoW64\NetUpdService.exe

%WINDIR%\SysWOW64\wmiex.exe

%WINDIR%\temp\bestfile1.exe

%WINDIR%\Temp\y2b.exe

%WINDIR%\winmds.exe

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Machiner

SOFTWARE\MaxPlugs\Emmail

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window Update

SOFTWARE\Wow6432Node\Machiner

SOFTWARE\WOW6432Node\MaxPlugs\Emmail

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

eMail Extractor_is1

Emoticons Mail_is1

{88826714-E1D9-4D5C-9BB7-16DFA935C4C1}

{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}

Directories

Trojan-Downloader.Win32.Agent.ahoe may create the following directory or directories:

%ALLUSERSPROFILE%\gramblr

%ALLUSERSPROFILE%\nirds

%ALLUSERSPROFILE%\tlrzjcfpeq

%ALLUSERSPROFILE%\yemjxjfcbj

%APPDATA%\ww.fm

%LOCALAPPDATA%\WServices

%PROGRAMFILES%\Procedure

%PROGRAMFILES%\Windows Utility Update

%PROGRAMFILES%\eMail Extractor

%PROGRAMFILES%\machinerdata

%PROGRAMFILES(x86)%\Windows Utility Update

%PROGRAMFILES(x86)%\machinerdata

%TEMP%\HWMonitor

%USERPROFILE%\SecurityHealthSystray

%USERPROFILE%\cabapi

%UserProfile%\AppXDeploymentServer

%UserProfile%\wksprt

EnigmaSoft Releases NEW SpyHunter Pro to Fight Malware, Enhance Privacy Protection, & Optimize PCs

Search

Change Region

Trojan-Downloader.Win32.Agent.ahoe

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Trojan-Downloader.Win32.Agent.ahoe

File System Details

Registry Details

Directories

Submit Comment

Trending

'Your PC ran into a problem and needs to restart' Error

GoBruteforcer Malware

BlackSuit Ransomware

Most Viewed

AntiMalware

DNS Unlocker

Antivirus Security Pro