FANDOM



This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.




Minimum DAT

6803 (2012-08-14)

Updated DAT

6803 (2012-08-14)

Minimum Engine

5400.1158

File Length

879104

Description Added

2012-08-14

Description Modified

2012-08-14




This is a Trojan


File Properties Property Values
McAfee Detection Generic.evx!bz
Length 879104 bytes
MD5 ad6f72b851ebcf7bf7c8b1c551140c5f
SHA1 37275cfd9e185b979c15fb8681c4c8434f224ed9




Other Common Detection Aliases


Company Names Detection Names
EMSI Software Trojan.SuspectCRC!IK
avast Win32:FinSpy-A
AVG (GriSoft) Dropper.Generic6.NHD
avira TR/Dropper.Gen
Kaspersky Trojan.Win32.Agentb.ty
BitDefender Trojan.Generic.6854490
clamav PUA.Win32.Packer.SetupExeSection
Dr.Web Trojan.MulDrop3.31380
FortiNet Evx.BZ!tr
Microsoft Trojan:Win32/Spinfy.A
Symantec Backdoor.Finfish
Eset Win32/Belesak.D trojan
norman W32/Troj_Generic.DCTRI
panda Generic Trojan
Sophos Troj/FinFish-B
Trend Micro TROJ_FINSPY.A
vba32 Trojan.Agentb.ty
V-Buster Trojan.Agentb!5zZ9ImcrE6c (trojan)


Other brands and names may be claimed as the property of others.




Activities Risk Levels
Enumerates many system files and directories.
Process attempts to call itself recursively
Attempts to write to a memory location of an unknown process
No digital signature is present





McAfee Scans Scan Detections
McAfee Beta Generic.evx!bz
McAfee Supported Generic.evx!bz




System Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations. e.g. %WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000) %PROGRAMFILES% = \Program Files



The following files were analyzed:

37275cfd9e185b979c15fb8681c4c8434f224ed9

The following files have been added to the system:


  • %TEMP%\37275cfd9e185b979c15fb8681c4c8434f224ed9.jpg
  • %TEMP%\tmp11.tmp
The following files were temporarily written to disk then later removed:


  • %TEMP%\delete.bat
  • %TEMP%\driverw.sys
  • %TEMP%\tmp12.tmp

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.