Agent.AWF

AWF (or Agent.AWF) is a malicious Trojan downloader affecting the Microsoft Windows operating system.

Methods of infection
This Trojan is considered obsolete, and there are no known variants in the wild.

Affected operating systems
The following operating systems are known to be affected.


 * Windows XP
 * Windows 2003
 * Windows 2000
 * Windows ME
 * Windows 98
 * Windows 95
 * Windows NT

Operation
Agent.AWF displays virus activity in that it replaces files on a user's computer with a copy of itself, and moves the original, legitimate file to a back sub-folder. It is known to attempt to terminate security software, and the Trojan downloads a backdoor onto the computer, allowing the attacker to further compromise the computer. It is also known to modify the Windows registry. Agent.AWF does not spread automatically: it needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, emails with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Identification
During installation, the following files are created, and may be present on a compromised system.


 * abc123.pid
 * svcipa.exe
 * nod32kui.exe