Follow:

 

TrojanDownloader:Java/Agent.G


TrojanDownloader:Java/Agent.G is a detection for Java applet code that downloads and executes arbitrary files from a remote server.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Threat behavior

TrojanDownloader:Java/Agent.G is a detection for Java applet code that downloads and executes arbitrary files from a remote server.
Installation
TrojanDownloader:Java/Agent.G may be loaded by TrojanDownloader:Java/Agent.G.ldr via a malicious Web page. Java/Agent.G.ldr runs with the same privileges as the currently logged on user.
Payload
Downloads arbitrary files
The malicious HTML page hosting Java/Agent.G.ldr passes a parameter to Java/Agent.G.ldr that contains the server to contact and file to download. Java/Agent.G.ldr then runs TrojanDownloader:Java/Agent.G and attempts to download the requested file and save it as the following:
 
%TEMP%\<random number>.exe
 
The retrieved file is then executed.
 
Analysis by Shawn Wang

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.75.477.0
Latest detected by definition: 1.151.1570.0 and higher
First detected on: Feb 06, 2010
This entry was first published on: May 28, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • JAVA/OpenStre.ibs.2 (Avira)
  • Exploit.Java.6 (Dr.Web)
  • JAVA.OpenStre (Ikarus)
  • Trojan.DL.Java.Agent.SXXI (VirusBuster)