FANDOM



Trojan.Win32.Agent2.dtb or Agent.dtb is a trojan dialer on Microsoft Windows which attempts to call Premium Rate numbers in order to waste users' money.

Payload

Once launched, it will extract code from Trojan.Win32.Dialer.tvx into its own process. It will then do the following:

  1. Gain access to Modem connections
  2. Retrieve premium rate numbers from: http://91.***.118.***/Dialer_Min/number.asp.
  3. Retrieved information is deposited into %WinDir%\number.txt

It will then attempt to call these numbers to allow excessive charges to be supplied to the user.

Removal

  1. Terminate the process via Task Manager.
  2. Delete the original file.
  3. Clear Temporary Internet Files, cache and cookies.
  4. Scan with an antivirus solution

Sources

Securelist (Kaspersky Labs), Troan.Win32.Agent2.dtb