Trojan.Win32.Agent2.dtb, or Agent.dtb, is a trojan that attempts to call premium-rate numbers.
Once launched, it will extract code from Trojan.Win32.Dialer.tvx into its own process. It will then do the following:
- Gain access to modem connections.
- Retrieve premium-rate numbers from http://91.***.118.***/Dialer_Min/number.asp.
- Store the retrieved information in %WinDir%\number.txt.
It will then attempt to call these numbers, running up excessive charges for the user.
To remove the trojan:
- Terminate the process via Task Manager
- Delete the original file.
- Clear Temporary Internet Files, cache and cookies.
- Scan with an antivirus solution
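The two artifacts described above, the request for /Dialer_Min/number.asp and the %WinDir%\number.txt file, can be hunted for in proxy and endpoint logs. The following is an added example, not part of the original entry: the log formats, host names and addresses are constructed, %WinDir% is assumed to resolve to a Windows or WINNT directory, and only the URL path is matched because the server address is redacted on the page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the entry. Only the path is matched (address redacted).
URL_PATH = re.compile(r"/Dialer_Min/number\.asp", re.IGNORECASE)
# Assumption: %WinDir% resolves to <drive>:\Windows or <drive>:\WINNT.
DROP_FILE = re.compile(r"[a-z]:\\(?:windows|winnt)\\number\.txt", re.IGNORECASE)

# Constructed sample data in assumed formats: "host METHOD url" proxy lines
# and "host FileCreate path" endpoint events. 192.0.2.10 is a documentation IP.
PROXY_LOG = """\
ws-014 GET http://192.0.2.10/Dialer_Min/number.asp
ws-014 GET http://example.com/index.html
ws-022 GET http://example.org/dialer_min/Number.ASP?id=1
ws-031 GET http://example.net/docs/number.aspx
"""
FILE_EVENTS = """\
ws-014 FileCreate C:\\Windows\\number.txt
ws-031 FileCreate C:\\Users\\alice\\Documents\\number.txt
ws-040 FileCreate C:\\WINDOWS\\NUMBER.TXT
"""

def hunt(proxy_log, file_events):
    """Return {host: set of matched behaviours} across both log sources."""
    hits = defaultdict(set)
    for line in proxy_log.splitlines():
        parts = line.split(None, 2)
        # Compare the parsed path only, so query strings and case do not matter.
        if len(parts) == 3 and URL_PATH.fullmatch(urlsplit(parts[2]).path):
            hits[parts[0]].add("number-list-download")
    for line in file_events.splitlines():
        parts = line.split(None, 2)
        if (len(parts) == 3 and parts[1] == "FileCreate"
                and DROP_FILE.fullmatch(parts[2].strip())):
            hits[parts[0]].add("number-file-dropped")
    return dict(hits)

def triage(hits):
    """Hosts showing both behaviours are the strongest candidates."""
    return {h: ("high" if len(seen) == 2 else "review") for h, seen in hits.items()}

if __name__ == "__main__":
    for host, level in sorted(triage(hunt(PROXY_LOG, FILE_EVENTS)).items()):
        print(host, level)
```

A host that matches only one of the two indicators is marked for review rather than dismissed, since either log source may be incomplete.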
Securelist (Kaspersky Labs), Trojan.Win32.Agent2.dtb