Trojan.Agent
Trojan.Agent refers to a generic Trojan malware detection. It is used for detections that are either associated with no specific malware families or not enough information is available to pinpoint the malware family.
Trojan.Kovter
Short bio
Trojan.Kovter is a detection for a family of malware that has many faces and targets Windows systems.
Type and source of infection
The main variants of Trojan.Kovter are aimed at performing ad-fraud and are very hard to detect and remove as they use fileless infection methods.
Kovter usually arrives in mail attachments as a Macro in a Word document file. When activated, the Macro downloads a file that creates a PowerShell command stored in the registry to gain persistence. Then the randomly named file deletes itself.
Protection
Malwarebytes protects users from Trojan.Kovter by using real-time protection.
Malwarebytes blocks Trojan.Kovter
Remediation
Most of the time, Malwarebytes can detect and remove Trojan.Kovter without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
In some cases, Malwarebytes Anti-Rootkit BETA is needed to find and delete the malicious registry key.
Related blog content
Untangling Kovter
No more Poweliks!
Fileless infections: an overview