Trojan Horse PSW.Agent.ABKU
This page contains detailed analysis on Trojan Horse PSW.Agent.ABKU. To get rid of this Trojan, please use the removal guide below.
Trojan Horse PSW.Agent.ABKU is a generic detection for a variant of Trojan that can steal sensitive information from infected computers. It may also block some antivirus programs from running by disabling its process. Trojan Horse PSW.Agent.ABKU will also try to connect to a remote server and download more threats. This password-stealing threat will record key presses from the infected computer and save it as a log file. Then it sends the gathered data to a remote attacker on specific schedule through email or file transfer protocol.
Alias: New Malware.aj (McAfee), Trojan Horse (Symantec), TROJ_QQPASS.P (Trend Micro), Mal/Behav-009 (Sophos), Trojan.Zlob (Ikarus)
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Upon execution of Trojan Horse PSW.Agent.ABKU, it will drop file under Temp directory of Windows. Registry keys are also added to the compromised computer that is essential to perform its tasks.
The Trojan is also found to have other harmful characteristics like the following:
- It may connect to an Internet and request for additional malware files.
- Author of this Trojan utilized a packer that is not typically used for legitimate software.
- The Trojan may terminate any instance of security software services.
- It contains other characteristics and identified security risks.
Trojan Horse PSW.Agent.ABKU spreads through file-sharing network. In most occasions, a Trojan developer embeds its malicious code onto legitimate executable files that are made online through file-sharing servers. Using an encryption method not commonly used for commercial product, it often conceals itself from antivirus program. There are no reports that this Trojan can infect other computers that are on a local network.
How to Remove Trojan Horse PSW.Agent.ABKU
1. Temporarily Disable System Restore if you are using Windows XP. For Windows Vista/7 users, you may use System Restore to return Windows to a previous clean state. However, you must have a saved restore points to accomplish this. Otherwise, proceed with the removal process.
2. To be able to identify even the most recent variant of Trojan Horse PSW.Agent.ABKU, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Free tool from Symantec called Norton Power Eraser provides deep scanning technology to detect and remote threats like Trojan Horse PSW.Agent.ABKU. NPE targets and eliminate threats that regular virus scan fails to identify. Download NPE here.
Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.
Alternative Removal Method for Trojan Horse PSW.Agent.ABKU
Option 1 : Use Windows System Restore to return Windows to previous state
If Trojan Horse PSW.Agent.ABKU enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Trojan Horse PSW.Agent.ABKU infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.
Option 2 : Trojan Horse PSW.Agent.ABKU manual uninstall guide
IMPORTANT! Manual removal of Trojan Horse PSW.Agent.ABKU requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to Trojan Horse PSW.Agent.ABKU.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Trojan Horse PSW.Agent.ABKU files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by Trojan Horse PSW.Agent.ABKU.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.