Trojan:Win32/AgentBypass


Trojan:Win32/AgentBypass is a detection for files that attempt to inject possibly malicious code into the "explorer.exe" process.


What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products will detect and remove this threat:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

Trojan:Win32/AgentBypass is a detection for files that attempt to inject possibly malicious code into the "explorer.exe" process.
 
"Explorer.exe" is the default Windows shell. Software-based firewalls usually exempt it or place it on their trusted list, with rules that allow it inbound and outbound network traffic.
 
The function of the injected code may vary, but most samples are designed to load a DLL file into the "explorer.exe" process in order to bypass the firewall. The code may also serve as a rootkit that interferes with the normal operation of "explorer.exe", such as hiding files and folders from the user. It could also allow the trojan to steal data and login details from the affected computer and send these to a remote server.
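
The behavior described above can be hunted for in process telemetry. The following is an added example, not part of the original write-up: it triages Sysmon-style records (Event ID 8, CreateRemoteThread, and Event ID 7, ImageLoad) for threads or DLLs entering "explorer.exe". It assumes Sysmon is deployed and its events were exported as dictionaries; the trusted-directory list and all sample records are constructed for illustration.

```python
import ntpath

TARGET = "explorer.exe"
# Assumption: DLLs outside these directories are unusual inside explorer.exe.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample records using Sysmon field names; not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\helper.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll", "Signed": "true"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
]

def _base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def triage(event):
    """Return a reason string if the event suggests injection into explorer.exe."""
    eid = event.get("EventID")
    if eid == 8:  # CreateRemoteThread: another process starts a thread in the target
        src = event.get("SourceImage", "")
        if _base(event.get("TargetImage")) == TARGET and _base(src) != TARGET:
            return f"remote thread in explorer.exe created by {src}"
    elif eid == 7 and _base(event.get("Image")) == TARGET:  # ImageLoad
        dll = event.get("ImageLoaded", "")
        unsigned = str(event.get("Signed", "")).lower() != "true"
        outside = not dll.lower().startswith(TRUSTED_DIRS)
        if unsigned or outside:
            why = "unsigned" if unsigned else "signed but outside trusted dirs"
            return f"explorer.exe loaded {dll} ({why})"
    return None

def scan(events):
    """Return (index, reason) for every event that needs analyst review."""
    return [(i, reason) for i, e in enumerate(events) if (reason := triage(e))]

if __name__ == "__main__":
    for index, reason in scan(SAMPLE_EVENTS):
        print(index, reason)
```

Hits are leads for review rather than verdicts, since legitimate shell extensions and some security tools also load modules or start threads in "explorer.exe".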
 
Analysis by Marianne Mallen

Symptoms

Alert notifications or detections of this malware from installed antivirus or security software may be the only symptoms.

Prevention


Alert level: Severe
First detected by definition: 1.45.287.0
Latest detected by definition: 1.173.2373.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Feb 04, 2011
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Win-Trojan/Qqpass.40448. (AhnLab)
  • Trojan-Dropper.Win32.Small.gye (Kaspersky)
  • W32/Suspicious_Gen2.GZLDZ.dropper (Norman)
  • Trojan.DR.Small!ob6zp2w95ms (VirusBuster)
  • Dropper.Generic3.FIZ (AVG)
  • TR/Dropper.Gen (Avira)
  • Trojan.Inject.19665 (Dr.Web)
  • Win32/TrojanDropper.Agent.PCJ (ESET)
  • Trojan-Dropper.Win32.Small (Ikarus)
  • Generic Dropper!dhp (McAfee)