Win32.Agent.pz: how does it get on a computer?

By john ·
I've removed this from dozens of computers and it's not too difficult, but does anyone know how it infects a computer in the first place? I manage hundreds of computers and am getting tired of removing this bug.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

re: Agent.pz

by ThumbsUp2 In reply to Win32.Agent.pz: how does ...

Win32.Agent.pz also known as Agent.pz is a widely spread backdoor trojan horse that allows hackers to take full control over local and network computers. Trojan Win32.Agent.pz allows attackers to set all options and rules for hijacked servers.

Generally, the Win32.Agent.pz trojan is installed after clicking on spam e-mail links, corrupt freeware and p2p downloads or via hijacked web sites. Any site which doesn't take adequate security precautions can be hijacked and their visitors become infected.

The above is from and reworded just a bit. This was found using a simple web search, something anybody can do.

Basically, if you have one system infected, it is likely infecting other systems on the LAN. It could even be the server which is infected.

(edited to add credit to

Collapse -

nicely done

by shasca In reply to re: Agent.pz

Very good brief expl.

Collapse -

Thanks, but I can't take the credit....

by ThumbsUp2 In reply to nicely done

I found it at the same place Jacky did:

... and I forgot to give credit for it (in a hurry). I'll go back and do that. :8}

Of course, I changed the wording from their site just a bit because further investigation showed that the infestation is coming from not only pornographic web sites. In fact, I found one forum where the person asking the questions said they had visited a web site for a senior retirement center trying to find out more information about it and got infected when clicking on a seemingly innocent link within the site. Apparently, the sites are being hacked and the malicious code is being embedded in a script which creates IFRAMEs loading from the hackers web site and which installs an executable without the visitor knowing it. It appears to be a nasty little critter!

Collapse -

Sorry Thummy

by Jacky Howe In reply to Thanks, but I can't take ...

I had the post open for awhile and didn't check before making my post. I was actually trying to find information from one of the AV vendors but when I found the link and it had the aliases I posted. I thought that the OP could do some more checking if needed. They won't be able to miss that site.

Collapse -

I was doing the same thing.......

by ThumbsUp2 In reply to Sorry Thummy

Since I hate to give links to sites which claim to 'scan and fix it for you', I was searching for more information too and thought, when I clicked submit, surely Jacky would have beaten me to it. Immagine my relief when I saw I actually beat you to it!

I too had visited the AV vendors and found nothing. The site we both found was at the top of the search results and offered a simple explanation, so I grabbed it. Others I looked at had far more in depth explanations, but I was too lazy to use them.

And, I too thought the OP could have done a simple web search to find out more about the critter if they actually wanted to. :ar!

Collapse -


by Jacky Howe In reply to I was doing the same thin ...

it seems that we do most of the work for the OP's. But a Thumb as a reward is good incentive. I feel the same way about the sites that say they will scan & fix it and by the time that you download the software and install it only to find that you have to pay for it is a PITA. I would prefer to manually remove it/them if I can find the instructions.

Collapse -

Same here...

by ThumbsUp2 In reply to LOL

Just give me a list of what the critter does and I'll go manually pull it out by the teeth. That way, I know I haven't downloaded some other critter to fix the first critter.

Collapse -

the OP

by john In reply to I was doing the same thin ...

Did it ever occur to you that I already did a "simple web search" and got the same vague information from the site you referred to? I thought maybe there was a security patch for Windows or IE that addressed a specific security hole that this trojan exploits. Or maybe there was a certain website that was known for spreading this bug? Thanks for your help anyway, but I expected more professionalism from a "Tech" forum.

Collapse -

You get what you ask for.....

by ThumbsUp2 In reply to the OP

You asked a simple question... how it got on a computer..., we gave a simple answer!

In your original post, you made absolutely no mention of having already searched for information, finding the same thing we provided to you through a simple search, which is all we did.

Had you been professional enough to ask the question in a format that indicated you had any intelligence at all, such as providing details of what you had already found... but were still curious about certain aspects of the virus, perhaps our answers would have been a bit more intelligent.

As it stands now, since you've gone and blown your cover, you've gotten the last bit of help we'll EVER offer to you. Just remember, we all keep a SH!T list and you've just hit the top of it.

Collapse -

how it infects a computer in the first place

by Jacky Howe In reply to the OP

spam e-mail links, corrupt freeware and p2p downloads or via pornographic related web sites

That tells me of at least four ways that the infection is spread. Maybe you need to educate your users.

You asked a simple question so you received a simple answer that was Helpful as far as I'm concerned.

Related Discussions

Related Forums