Agent.AWF
{{Short description|Windows-platform based malware}}
{{About|the Trojan|the worm used in a 2008 cyberattack on the US|Agent.BTZ}}
{{refimprove|date=May 2015}}
AWF (or Agent.AWF) is a malicious Trojan downloader affecting the Microsoft Windows operating system.{{cite web|url=http://www.pandasecurity.com/usa/homeusers/security-info/97906/Agent.AWF|title=Agent.AWF - at a glance|website=pandasecurity.com|access-date=8 January 2017}}{{cite web|url=http://www.sunbeltsecurity.com/ThreatDisplay.aspx?tid=70517&cs=B6657D79F359219C2A0746F8CFCA9523|website=sunbeltsecurity.com|title=Trojan-Downloader.Win32.Agent.awf Information and Removal|date=5 October 2006|access-date=8 January 2017}}{{cite web|url=https://sccribddownloader.com/|website=scribddownloader.com|title=E-Book Downloader|date=5 October 2024|access-date=8 January 2024}}
Methods of infection
This Trojan is considered obsolete, and there are no known variants in the wild.{{citation needed|date=January 2017}}
=Affected operating systems=
Operation
Agent.AWF displays virus activity in that it replaces files on a user's computer with a copy of itself, and moves the original, legitimate file to a back sub-folder. It is known to attempt to terminate security software, and the Trojan downloads a backdoor onto the computer, allowing the attacker to further compromise the computer. It is also known to modify the Windows registry.{{citation needed|date=November 2015}} Agent.AWF does not spread automatically: it needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, emails with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
Identification
During installation, the following files are created, and may be present on a compromised system.{{citation needed|date=January 2017}}
- abc123.pid
- svcipa.exe
- nod32kui.exe