From Wikipedia, the free encyclopedia
Jump to: navigation, search

AWF (or Agent.AWF or Agent.btz) is a malicious Trojan downloader affecting the Microsoft Windows operating system.[1]

Methods of infection[edit]

This Trojan is considered obsolete, and there are no known variants in the wild.[1] However, an official from the Department of Homeland Security is quoted in a 2011 article as saying that the worm keeps evolving, is quite prolific and still infects computers. [2]

Affected operating systems[edit]

The following operating systems are known to be affected.


Agent.AWF displays virus activity in that it replaces files on a user's computer with a copy of itself, and moves the original, legitimate file to a bak sub-folder. It is known to attempt to terminate security software, and the Trojan downloads a backdoor onto the computer, allowing the attacker to further compromise the computer. It is also known to modify the Windows registry.


During installation, the following files are created, and may be present on a compromised system.[3]

  • svcipa.exe
  • nod32kui.exe

See also[edit]



  • The Economist, December 6, 2008, "The worm turns"