Troj/Agent-GWE is a Trojan for the Windows platform.

When first run Troj/Agent-GWE copies itself to (System)\temp.exe.

The following registry entries are created to run temp.exe on startup:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run Bandook
System\temp.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}
StubPath
System\temp.exe

Registry entries are created under:

HKCU\Software\Microsoft

More information can be found at this Sophos page.