Troj/Bckdr-QNY

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	13 June 2008 17:32:01 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Bckdr-QNY is a backdoor Trojan for the Windows platform.

Troj/Bckdr-QNY includes functionality to access the internet and communicate with a remote server.

When Troj/Bckdr-QNY is installed the following files are created:

<System>\00051be1.sys - a text file that can be safely deleted.
<System>\<random characters>.dll - detected as Troj/Bckdr-QNI

The file guridr.dll is registered as a new service named "clipupdate". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\clipupdate

The following registry entry is created:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
clipupdate
clipupdate

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Bckdr-QNY

Summary

Action

More Information