Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow internet connection
  • Slow Computer

Backdoor.Agent.aghv

Backdoor.Agent.aghv is wreaking all kinds of havoc on the internet community. Being a form of Trojan infection, this backdoor infection falls under the most widespread and most dangerous types of Trojan infections.

As is typical of Backdoor infections, Backdoor.Agent.aghv is an example of a remote administration utility that was designed to open up exploits on an infected system, so as to allow for external control of the machine, via LAN or via the internet itself.
The difference between legitimate remote administrative utilities and Backdoor.Agent.aghv is the fact that Backdoor.Agent.aghv launches and installs backdoors into the system without the user’s knowledge or permission thereof, therefore the infected system is covertly infiltrated and remains covertly active regardless.

As a Backdoor infection, Backdoor.Agent.aghv may be capable of performing the following functions:

• Sending/ receiving files
• Launching/ deleting files
• Executing files
• Displaying notification
• Deleting data
• Rebooting the machine

So, to recap, Backdoor.Agent.aghv is used by its creators to detect and download confidential information embedded within the infected computer system. Once installed inside the machine, Backdoor.Agent.aghv will execute malicious code, destroy data, and may even include the infected machine in Bot networks, to further carry out dubious actions.

What Backdoor.Agent.aghv will do is also install a .dll file, when the user of the infected system visits certain malicious websites. The .dll file allows these malicious applications to perform its varying harmful functions – which in turn only compromises the integrity of the system further.

In order to safeguard a computer system against these type infections, there are a few steps one can take to ensure the safety of a computer system:

1. Use a firewall to block all dubious connections from the internet.
2. Enforce a password policy. Ensure the passwords implemented are complex, so as to prevent and limit damage to a compromised system.
3. Ensure that programs and users are at its lowest level of privileges – this way access is limited to the administrator.
4. Disable AutoPlay – this way you prevent the automatic launching of executable files on networks and removal drives.
5. Turn off File Sharing if it is not needed.
6. Turn off and remove all unnecessary services.
7. Always keep patch-levels up-to-date
8. Configure your server to block and remove all email attachments that have the file extensions: .vbs, .bat, .exe, .pif, .scr – as these type files are usually affiliated with malicious applications.

Although manual removal may be the best way to delete this parasite, and all its affiliates, the manual removal process is rather complicated and cumbersome , and should not be attempted by a computer novice, as one needs to be able to navigate their way around the registry files of the infected system, therefore, I would recommend that in order to avoid any unneeded risks of damage to your computer system, it is highly recommended to make use of a reliable and legitimate anti-spyware application, so as to remove Backdoor.Agent.aghv and all its components from the infected computer system.

Good Luck!

Download Spyware Removal Tool to Remove* Backdoor.Agent.aghv
  • Quick & tested solution for Backdoor.Agent.aghv removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Backdoor.Agent.aghv

Files associated with Backdoor.Agent.aghv infection:

mmmdhfdh.dll
mstaskmgr.exe
socksbot[1].exe, msupdt.exe
services.exe
alg.exe
csrssc.exe
svchost.exe
aqadcup.exe
mmmdhfdh.dll
ckp.exe
mstask32.com
WinHealer.dll
9A459C39.DLL
userint32.exe
winpol.exe
SysInfo.dll
netfx20.exe
cftmon.exe
8399.exe
EBstrSvc.exe
lsass.exe
uwxv.exe
ryjidote.dll
qwertybot.exe
TuneUp.exe
aspimgr.exe
ip_fw.sys
bndmss.exe
msupdt.exe
socksbot[1].exe
socksbot[1].exe, msupdt.exe
socksbot[1].exe

Backdoor.Agent.aghv DLL's to remove:

9A459C39.DLL
mmmdhfdh.dll
WinHealer.dll
SysInfo.dll
ryjidote.dll
mmmdhfdh.dll

Backdoor.Agent.aghv processes to kill:

socksbot[1].exe
socksbot[1].exe, msupdt.exe
mstaskmgr.exe
socksbot[1].exe, msupdt.exe
services.exe
alg.exe
csrssc.exe
svchost.exe
aqadcup.exe
ckp.exe
userint32.exe
winpol.exe
netfx20.exe
cftmon.exe
8399.exe
EBstrSvc.exe
lsass.exe
uwxv.exe
qwertybot.exe
TuneUp.exe
aspimgr.exe
bndmss.exe
msupdt.exe
socksbot[1].exe

Remove Backdoor.Agent.aghv registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30D36D16-F091-499C-D9AF-7D2B4CB48684}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft ASPI Manager
RUNNING PROGRAM\aspimgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ TuneUp
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\qwertybot.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ uwxv
RUNNING PROGRAM\lsass.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eBoostr Service
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ autoload
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ netnt
RUNNING PROGRAM\winlogon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\winpol
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Windows Service Manager
HKEY_LO
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.