Sunday, January 25, 2009

QQPass Trojan

Removing QQPass
Categories: Trojan,Downloader,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.
QQPass Also known as:

[Kaspersky]Backdoor.Win32.Hupigon.rc,Packed.Win32.NSAnti,Trojan-PSW.Win32.QQPass.hr,Trojan-PSW.Win32.QQPass.nw,Trojan-PSW.WIn32.QQPass.nw,Trojan-PSW.Win32.QQPass.tl,Trojan-PSW.Win32.QQPass.pf,Trojan-PSW.Win32.QQPass.mw,Trojan-PSW.Win32.QQPass.bau,Trojan-PSW.Win32.OnLineGames.dbu,Trojan-PSW.Win32.OnLineGames.dcu,Trojan-PSW.Win32.QQPass.ld,Trojan-PSW.Win32.QQPass.afn,Trojan-PSW.Win32.OnLineGames.hyl,Trojan-PSW.Win32.QQShou.ll;
[McAfee]PWS-QQRob,PWS-QQPass,Generic OWS.o,PWS-Hook.dll,PWS-QQGame;
[F-Prot]W32/PWStealer.BTC,W32/Backdoor.AANC;
[Panda]Trj/PSW.QQpass.drp,Trojan Horse,Trojan Horse.LC,Trj/PSW.QQpas,Trj/PSW.QQpass,Trj/PSW.QQpass.j;
[Computer Associates]Win32/QQpass.H!PWS!Trojan,Win32/QQPass.O!PWS!Trojan,Win32/QQPass!PWS!Trojan,Win32/QQPass.6197!Trojan,Win32/QQPass.AT!PWS!Trojan,Win32/QQPass.ATM!PWS!Trojan,Win32/QQpass.E!PWS!Trojan,Win32/QQPass.L!PWS!Trojan,Win32/QQpass.197!PWS!Trojan,Win32/QQPass.AB!PWS!Trojan,Win32/QQpass.D!PWS!Trojan,Win32/Qqpass!PWS!Trojan,Win32/QQpass.68!PWS!Dropper,Win32/QQpass.J!PWS!Trojan;
[Other]Infostealer,Troj/QQRb-Gen,Win32/QQPass.AD,Win32/QQPass.AX,Trojan.PWS.QQPass,Win32QQPass.BF,Win32/QQPass.AM,Infostealer.Lemir,Win32/QQPass.CG,Win32/QQPass.EE,Troj/QQPass-ALV,Infostealer.Gampass,Trojan:Win32/Delf.AT!dll,W32/QQPass.FHQ,Trojan:Win32/SystemHijack.gen,Trojan.Flush.G,Mal/Packer,Win32/QQPass.ET,W32/OnLineGames.VJZ,PWS:Win32/QQpass.CJL,W32.Gammima.AG
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\severe.exe
[%SYSTEM%]\tfidma.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\system.jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SystemKK.sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SysWin7k.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SysWin7s.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\WinSys8s.Sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
[%SYSTEM%]\avzxbmn.dll
[%SYSTEM%]\avzxbst.exe
[%SYSTEM%]\lsas32.exe
[%SYSTEM%]\QQSPY.exe
[%SYSTEM%]\Ravon.exe
[%SYSTEM%]\severe.exe
[%SYSTEM%]\tfidma.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\system.jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SystemKK.sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SysWin7k.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SysWin7s.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\WinSys8s.Sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
[%SYSTEM%]\avzxbmn.dll
[%SYSTEM%]\avzxbst.exe
[%SYSTEM%]\lsas32.exe
[%SYSTEM%]\QQSPY.exe
[%SYSTEM%]\Ravon.exe

How to detect QQPass:

Files:
[%SYSTEM%]\severe.exe
[%SYSTEM%]\tfidma.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\system.jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SystemKK.sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SysWin7k.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SysWin7s.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\WinSys8s.Sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
[%SYSTEM%]\avzxbmn.dll
[%SYSTEM%]\avzxbst.exe
[%SYSTEM%]\lsas32.exe
[%SYSTEM%]\QQSPY.exe
[%SYSTEM%]\Ravon.exe
[%SYSTEM%]\severe.exe
[%SYSTEM%]\tfidma.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\system.jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SystemKK.sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SysWin7k.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\SysWin7s.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\WinSys8s.Sys
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
[%SYSTEM%]\avzxbmn.dll
[%SYSTEM%]\avzxbst.exe
[%SYSTEM%]\lsas32.exe
[%SYSTEM%]\QQSPY.exe
[%SYSTEM%]\Ravon.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{2859245f-345d-bc13-ac4f-145d47da34f2}
HKEY_CLASSES_ROOT\clsid\{6e44887f-5214-41f2-ab46-4728735c4cc6}
HKEY_CLASSES_ROOT\clsid\{7671889d-cc99-4335-bac8-48088f1045a4}
HKEY_CLASSES_ROOT\clsid\{f81f75c9-f974-4772-b72d-f28cbcd98c5f}
HKEY_CURRENT_USER\software\tencent
HKEY_LOCAL_MACHINE\software\tcplus
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ope004

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing QQPass:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Sulfnbk.Attachment Trojan Removal
Hkdoor Trojan Information
Removing Win32.VB.gg Trojan
Remove Boot.IIB RAT

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)