Troj/Dloadr-CQQ

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	23 July 2009 14:56:15 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Dloadr-CQQ is a Trojan for the Windows platform.

When first run Troj/Dloadr-CQQ copies itself to:
<Program Files>\<random upper-case letters>\<random letters>.exe

Troj/Dloadr-CQQ also creates the following files:

<Windows>\<random upper-case letters>.dll
<Windows>\<random upper-case letters>.txt

The file <random upper-case letters>.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKCR\CLSID\{74A6F07A-DA89-A001-DFC2-495117A58017}
HKCR\Interface\{11D9AE74-3FC1-41D6-911B-F5F503BBD8FE}
HKCR\TypeLib\{97EFC6B7-C73A-423E-8458-82C589CA7E3B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74A6F07A-DA89-A001-DFC2-495117A58017}

Registry entries are set as follows:

HKCR\Thunder.xunlei.1\CLSID
(default)
{74A6F07A-DA89-A001-DFC2-495117A58017}

HKCR\Thunder.xunlei\CLSID
(default)
{74A6F07A-DA89-A001-DFC2-495117A58017}

Registry entries are created under:

HKCR\.key
HKCR\Thunder.xunlei

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/Dloadr-CQQ

Summary

Action

More Information