This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Minimum DAT: 6803 (2012-08-14)
Updated DAT: 6803 (2012-08-14)
Minimum Engine:
File Length:
Description Added:
Description Modified:

File Properties     Property Values
McAfee Detection    Generic.evx!bz
Length              879104 bytes
MD5                 ad6f72b851ebcf7bf7c8b1c551140c5f
SHA1                37275cfd9e185b979c15fb8681c4c8434f224ed9

Other Common Detection Aliases

Company Names    Detection Names
EMSI Software    Trojan.SuspectCRC!IK
avast            Win32:FinSpy-A
AVG (GriSoft)    Dropper.Generic6.NHD
avira            TR/Dropper.Gen
Kaspersky        Trojan.Win32.Agentb.ty
BitDefender      Trojan.Generic.6854490
clamav           PUA.Win32.Packer.SetupExeSection
Dr.Web           Trojan.MulDrop3.31380
FortiNet         Evx.BZ!tr
Microsoft        Trojan:Win32/Spinfy.A
Symantec         Backdoor.Finfish
Eset             Win32/Belesak.D trojan
norman           W32/Troj_Generic.DCTRI
panda            Generic Trojan
Sophos           Troj/FinFish-B
vba32            Trojan.Agentb.ty
V-Buster         Trojan.Agentb!5zZ9ImcrE6c (trojan)

Other brands and names may be claimed as the property of others.

Activities Risk Levels

  • Enumerates many system files and directories.
  • Process attempts to call itself recursively.
  • Attempts to write to a memory location of an unknown process.
  • No digital signature is present.

McAfee Scans        Scan Detections
McAfee Beta         Generic.evx!bz
McAfee Supported    Generic.evx!bz

System Changes

Some path values have been replaced with environment variables, as the exact location may vary with different configurations, e.g.:

  • %WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
  • %PROGRAMFILES% = \Program Files

The following files were analyzed:


The following files have been added to the system:

  • %TEMP%\37275cfd9e185b979c15fb8681c4c8434f224ed9.jpg
  • %TEMP%\tmp11.tmp

The following files were temporarily written to disk then later removed:

  • %TEMP%\delete.bat
  • %TEMP%\driverw.sys
  • %TEMP%\tmp12.tmp