Sophos

Troj/QQRob-C

Aliases
  • Trojan-PSW.Win32.QQRob.14
  • PWS-QQRob

Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 14 April 2005 20:36:49 (GMT)
Detected by: All Sophos products

More Information

Troj/QQRob-C is a password-stealing Trojan.

Troj/QQRob-C will attempt to email out stolen details.

When first run, Troj/QQRob-C will copy itself to the Windows system folder as NTDHCP.EXE. In order to run automatically each time a user logs on, Troj/QQRob-C will set the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NTdhcp
<Windows system folder>\NTdhcp.exe

Troj/QQRob-C will attempt to terminate the following processes:

CCAPP.EXE
EGHOST.EXE
KAV32.EXE
KAVPFW.EXE
KAVPLUS.EXE
KPOPMON.EXE
KVCENTER.KXP
KVFW.EXE
KVMonXP.KXPK
KWATCHUI.EXE
MAILMON.EXE
MCAGENT.EXE
MCVSESCN.EXE
MSKAGENT.EXE
PasswordGuard.exe
RAV.EXE
RAVMON.EXE
RAVTIMER.EXE
VXP.KXP

Troj/QQRob-C will attempt to close the windows of a number of anti-virus and security-related applications.

Troj/QQRob-C will attempt to disable the Windows Security Center and terminate the following services:

ccEvtMgr
ccProxy
ccSetMgr
kavsvc
KVSrvXP
MskService
navapsvc
NPFMntor
RsCCenter
RsRavMon
SNDSrvc
SPBBCSvc
Symantec Core LC
wscsvc

Troj/QQRob-C will attempt to prevent a number of anti-virus and security-related applications from running automatically on Windows startup by deleting their autostart registry entries and modifying their service startup types.
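
A read-only triage check for the persistence entry, dropped file and service tampering described above, as an added example that is not part of the Sophos write-up. The function name and output property names are hypothetical; the Wow6432Node and SysWOW64 locations are an assumption about where a 32-bit program's writes land on 64-bit Windows.

```powershell
# Added example: read-only host check for the Troj/QQRob-C indicators on this page.
function Test-QQRobIndicators {   # hypothetical name
    # Run key from the page, plus the redirected 32-bit view (assumption for 64-bit hosts).
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    # Windows system folder, plus its 32-bit counterpart (same assumption).
    $sysDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))

    # Persistence: a Run value named "NTdhcp".
    $runHits = foreach ($key in $runKeys) {
        $item = Get-ItemProperty -Path $key -Name 'NTdhcp' -ErrorAction SilentlyContinue
        if ($item) { [pscustomobject]@{ Key = $key; Data = $item.NTdhcp } }
    }

    # Dropped copy: NTdhcp.exe in the system folder.
    $fileHits = foreach ($dir in $sysDirs) {
        $path = Join-Path $dir 'NTdhcp.exe'
        if (Test-Path -LiteralPath $path -PathType Leaf) { $path }
    }

    # Services the page lists as terminated. Services that are not installed are
    # skipped; a stopped or disabled one is a lead to investigate, not proof.
    $serviceNames = 'ccEvtMgr','ccProxy','ccSetMgr','kavsvc','KVSrvXP','MskService',
                    'navapsvc','NPFMntor','RsCCenter','RsRavMon','SNDSrvc','SPBBCSvc',
                    'Symantec Core LC','wscsvc'
    $serviceHits = foreach ($name in $serviceNames) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if ($svc -and ($svc.State -ne 'Running' -or $svc.StartMode -eq 'Disabled')) {
            [pscustomobject]@{ Name = $svc.Name; State = $svc.State; StartMode = $svc.StartMode }
        }
    }

    [pscustomobject]@{
        RunValues                 = @($runHits)
        DroppedFiles              = @($fileHits)
        StoppedOrDisabledServices = @($serviceHits)
        PersistenceFound          = [bool]($runHits -or $fileHits)
    }
}

Test-QQRobIndicators | Format-List
```

The function only reads state; removing the Run value or the file is left to the anti-virus product.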
