Troj/Qbot-J

Category: Viruses and Spyware Protection available since:15 Mar 2010 21:16:13 (GMT)
Type: Trojan Last Updated:15 Mar 2010 21:16:13 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Qbot-J is a Trojan for the Windows platform.

Troj/Qbot-J includes functionality to:

- run automatically
- copy itself to the <System> folder
- create files in the <System> folder
- access the internet and communicate with a remote server via HTTP

Troj/Qbot-J communicates via HTTP with the following locations:

vinodel . if . ua


When Troj/Qbot-J is installed the following files are created:

<System>\lowsec\local.ds
<System>\lowsec\user.ds
<System>\lowsec\user.ds.lll
<System>\sdra64.exe

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Connections
DefaultConnectionSettings

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Winlogon
Userinit

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Connections
SavedLegacySettings

Registry entries are created under:

HKCU\Software\Microsoft\Protected Storage System Provider

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy