Troj/PWS-BQO

Category:	Viruses and Spyware	Protection available since:	28 Mar 2011 02:53:43 (GMT)
Type:	Trojan	Last Updated:	28 Mar 2011 02:53:43 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/PWS-BQO include:

Example 1

File Information

Size: 113K
SHA-1: 39a90f0b40cb9f7a587156bfa7f70102158a75ca
MD5: 09286da3c55aa6fd6ee0e90ea14302ad
CRC-32: 004db4d6
File type: application/x-ms-dos-executable
First seen: 2011-03-27

Example 2

File Information

Size: 281K
SHA-1: 68da750ac5134593f4fd609b95144446d5eb1114
MD5: 8603824b0d0d92f480d9229ba184d7b2
CRC-32: 23c62ba1
File type: application/x-ms-dos-executable
First seen: 2011-03-27

Other vendor detection

Kaspersky: Trojan-GameThief.Win32.Magania.enyo

Runtime Analysis

Copies Itself To

C:\WINDOWS\system32\MTRVEHNT.exe

Dropped Files

C:\WINDOWS\system32\MTRVEHNT10.dll
Size
113K
SHA-1
39a90f0b40cb9f7a587156bfa7f70102158a75ca
MD5
09286da3c55aa6fd6ee0e90ea14302ad
CRC-32
004db4d6
File type
application/x-ms-dos-executable
First seen
2011-03-27
C:\WINDOWS\system32\MTRVEHNT20.dll
Size
110K
SHA-1
a34812db77cf6f1e0ce2b81300a5e23c18c984ad
MD5
2edbe7914098877da22494df198c9455
CRC-32
408fe9fa
File type
application/x-ms-dos-executable
First seen
2011-03-27

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MTRVEHNT
C:\WINDOWS\system32\MTRVEHNT.exe
HKCR\TypeLib\{3EAB4698-4178-4CA4-9568-9BCBE55D3096}\1.0\HELPDIR
(Default)
C:\WINDOWS\system32\
HKCR\Interface\{3EAB4691-4178-4CA4-9568-9BCBE55D3096}\ProxyStubClsid32
(Default)
{00020424-0000-0000-C000-000000000046}
HKCR\IEHlprObj.IEHlprObj.1
(Default)
IEHlprObj Class
HKCR\IEHlprObj.IEHlprObj.1\CLSID
(Default)
{3EAB4692-4178-4CA4-9568-9BCBE55D3096}
HKCR\IEHlprObj.IEHlprObj\CurVer
(Default)
IEHlprObj.IEHlprObj.1
HKCR\CLSID\{3EAB4692-4178-4CA4-9568-9BCBE55D3096}\InprocServer32
ThreadingModel
Apartment

Processes Created

c:\windows\explorer.exe
c:\windows\system32\regsvr32.exe

Example 3

File Information

Size: 110K
SHA-1: a34812db77cf6f1e0ce2b81300a5e23c18c984ad
MD5: 2edbe7914098877da22494df198c9455
CRC-32: 408fe9fa
File type: application/x-ms-dos-executable
First seen: 2011-03-27

Other vendor detection

Avira: TR/Crypt.CFI.Gen
Trend: PAK_Generic.001

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/PWS-BQO

Example 1

File Information

Example 2

File Information

Other vendor detection

Runtime Analysis

Copies Itself To

Dropped Files

Registry Keys Created

Processes Created

Example 3

File Information

Other vendor detection

Free Mac Anti-Virus

Popular topics