TSPY_AGENT.AAYO
TSPY_AGENT.AAYO is a Trojan that will arrive on the system coming from another threats. TSPY_AGENT.AAYO may expose system information and DNS settings that may lead to unauthorized use of this data. The Trojan can also connect to a remote server to updated itself.
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Technical Details and Additional Information:
What can TSPY_AGENT.AAYO do to infected system?
- Enables automatic execution of itself on Windows start-up.
- Connects to a predefined URL to gather information.
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\DomainService
ImagePath = {Malware path and file name}
TSPY_AGENT.AAYO – Removal
Removing TSPY_AGENT.AAYO Manually:
1. If using Windows ME or XP, System Restore must be disabled to prevent the threat from restoring itself. [Windows XP System Restore]
2. Update the virus definitions.
3. Reboot Windows in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
6. Exit registry editor and restart Windows.
Anti-virus Tools
Online Virus Scanner:
Online virus scanner can provide scan and clean functions just like any anti-virus software without the need to install additional AV product. Perform a thorough scan with free Online Virus Scanner that can be found on websites of legitimate security software provider.
Scan with Norton Power Eraser:
Norton Power Eraser is a virus removal tool created by Norton Antivirus to remove unfamiliar threats without using the traditional AV signatures. Download the tool and start scanning with Norton Power Eraser.
Scan with Portable Antivirus:
Most of the time, Trojan associated with a rogue program will disable Windows functionalities and prevent the compromised computer from executing any application including antivirus program locally installed. If this happens, you can try using a McAfee Portable Antivirus called Stinger. It can be downloaded for free.
Kaspersky Bootable USB Flash Drive
A tool from Kaspersky will allow you to create a bootable virus scanner that can be run from any computer. This can be boot and run from media drives such as CD, DVD or USB Flash Drive. Download and follow the procedures here.
suzie
Oct 17, 2007 @ 17:52:35
This didn’t work for me. “aayo” is still making its way back into the system.
phoebe
Oct 18, 2007 @ 11:12:22
This thing confuses me HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
What am I supposed to do when all those files pop up?