Sunday, October 26, 2008

QQRob Trojan

Removing QQRob
Categories: Trojan, Hacker Tool
This loose category covers a variety of Trojans that damage the victim machine, threaten data integrity, or impair the machine's functioning.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
These utilities are designed to penetrate remote computers
in order to use them as zombies (via backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

QQRob is also known as:

[Kaspersky] Trojan-PSW.Win32.QQPass.iu, Trojan-PSW.Win32.QQRob.fb, Trojan-PSW.Win32.QQRob.gc, Trojan-PSW.Win32.QQRob.ko, Trojan-PSW.Win32.QQRob.ei, Trojan-PSW.QQPass.qs, Trojan-PSW.Win32.QQRob.lo, Trojan-PSW.Win32.QQRob.hc, Trojan-PSW.Win32.QQRob.is, Trojan-PSW.Win32.QQPass.sy;
[McAfee] Generic PWS.o, PWS-QQRob, PWS-QQPass.gen, PWS-Hook;
[Other] Win32/QQRob.Y, Infostealer, Infostealer.Lemir, Troj/QQRb-Gen, W32/QQRob.SF, Win32/QQRob, Win32/QQRob.X, Infostealer.QQRob.A, trojan legmir, Troj/QQRob-B, TSPY_QQROB.AQ, Win32/QQRob.AM, Win32/QQRob.AL, Win32/QQRob.BA, Win32/QQRob.BN

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\drivers\conime.exe
[%SYSTEM%]\severe.exe
[%SYSTEM%]\cpgppf.dll
[%SYSTEM%]\cpgppf.exe
[%SYSTEM%]\drivers\cwyumh.exe
[%SYSTEM%]\hx1.bat
[%SYSTEM%]\rpcsk.dll
[%SYSTEM%]\rpcsk.exe
[%SYSTEM%]\tgejsy.dll
[%SYSTEM%]\tgejsy.exe
[%WINDOWS%]\Help\ADSAL.CHM
[%WINDOWS%]\system\dai.exe

How to detect QQRob:

Files:
[%SYSTEM%]\drivers\conime.exe
[%SYSTEM%]\severe.exe
[%SYSTEM%]\cpgppf.dll
[%SYSTEM%]\cpgppf.exe
[%SYSTEM%]\drivers\cwyumh.exe
[%SYSTEM%]\hx1.bat
[%SYSTEM%]\rpcsk.dll
[%SYSTEM%]\rpcsk.exe
[%SYSTEM%]\tgejsy.dll
[%SYSTEM%]\tgejsy.exe
[%WINDOWS%]\Help\ADSAL.CHM
[%WINDOWS%]\system\dai.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\rpcsk

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eghost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icesword.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kregex.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvdetect.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp.kxp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.kxp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\magicset.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig.com
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfw.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwliveupdate.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qqdoctor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.com
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sreng.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojdie.kxp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wopticlean.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing QQRob:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
