Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | December 2005 (4.00) |
| Protection available since | 26 October 2005 08:04:21 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/QQRob-R is a downloader Trojan for the Windows platform.
Troj/QQRob-R includes functionality to access the internet and communicate with a remote server via HTTP.
When first run, Troj/QQRob-R copies itself to <System>\iexplore.exe and creates the file <Windows>\Deleteme.bat.
The following registry entry is created to run iexplore.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft
<System>\iexplore.exe
Troj/QQRob-R attempts to stop the following services:
RsRavMon
RsCCenter
KVSrvXP
kavsvc
KPfwSvc
KWatchSvc
wscsvc
SNDSrvc
ccProxy
ccEvtMgr
ccSetMgr
SPBBCSvc
Symantec Core LC
navapsvc
NPFMntor
MskService
McTaskManager
McShield
McAfeeFramework
Troj/QQRob-R attempts to terminate the following processes:
FireTray.exe
UpdaterUI.exe
TBMon.exe
SHSTAT.EXE
RAV.EXE
RAVMON.EXE
RAVTIMER.EXE
KVXP.KXP
KVCENTER.KXP
Iparmor.exe
MAILMON.EXE
KAVPFW.EXE
KmailMon.EXE
KAVStart.exe
TrojanDetector.EXE
The Trojan also attempts to remove the following registry entries:
HKLM\SoftWare\Microsoft\Windows\CurrentVersion\Run
RunRavMon
KAVPersonal50
RavTimer
KvMonXP
iDuba Personal FireWall
KAVRun
KpopMon
Kulansyn
KavPFW
KvXP
ccApp
SSC_UserPrompt
NAV CfgWiz
MCAgentExe
McRegWiz
MCUpdateExe
MSKAGENTEXE
MSKDetectorExe
VirusScan Online
VSOCheckTask
McAfeeUpdaterUI
Network Associates Error Reporting Service
ShStatEXE
KavStart
Services
KWatch9x
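
A triage check built from the indicators described above, as an added example that is not Sophos code: it flags the Run-key value, the dropped files and the stopped security services in a host snapshot. The snapshot format, the function names and the mapping of <System> to %SystemRoot%\system32 and <Windows> to %SystemRoot% are assumptions, and the sample data is constructed.

```python
import ntpath
import re

# Indicators from the description above. Assumption: <System> is
# %SystemRoot%\system32 and <Windows> is %SystemRoot%.
RUN_VALUE, DROPPED, BATCH = "microsoft", "iexplore.exe", "deleteme.bat"
SERVICES = {"symantec core lc"} | set(
    "rsravmon rsccenter kvsrvxp kavsvc kpfwsvc kwatchsvc wscsvc sndsrvc ccproxy "
    "ccevtmgr ccsetmgr spbbcsvc navapsvc npfmntor mskservice mctaskmanager "
    "mcshield mcafeeframework".split())

def normalize(path, env):
    """Unquote, expand %VAR% and lower-case a Windows path or Run-key command."""
    path = path.strip()
    if path.startswith('"'):
        path = path[1:].split('"', 1)[0]
    path = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normpath(path).lower()

def triage(snap):
    """Return (indicator, detail) pairs for a host snapshot (hypothetical format)."""
    env = {k.lower(): v for k, v in snap["env"].items()}
    windows_dir = normalize(env["systemroot"], env)
    system_dir = ntpath.join(windows_dir, "system32")
    findings = []
    for name, data in snap["run_values"].items():
        # The real Internet Explorer binary is under Program Files, so a Run
        # value launching iexplore.exe from the system directory is suspect.
        if normalize(data, env) == ntpath.join(system_dir, DROPPED):
            exact = name.lower() == RUN_VALUE
            findings.append(("run-key" if exact else "run-key-other-name", name))
    files = {normalize(f, env) for f in snap["files"]}
    for indicator, path in (("dropped-copy", ntpath.join(system_dir, DROPPED)),
                            ("batch-file", ntpath.join(windows_dir, BATCH))):
        if path in files:
            findings.append((indicator, path))
    stopped = sorted(s for s, state in snap["services"].items()
                     if s.lower() in SERVICES and state.lower() == "stopped")
    if stopped:
        findings.append(("security-services-stopped", ", ".join(stopped)))
    return findings

# Constructed sample snapshot, e.g. assembled from an autoruns/service export.
SAMPLE = {
    "env": {"SystemRoot": r"C:\WINDOWS"},
    "run_values": {"Microsoft": r'"%SystemRoot%\system32\iexplore.exe"',
                   "ccApp": r'"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"'},
    "files": [r"C:\WINDOWS\system32\IEXPLORE.EXE", r"C:\WINDOWS\Deleteme.bat"],
    "services": {"wscsvc": "Stopped", "McShield": "Stopped", "Spooler": "Running"},
}
```

A stopped service on its own is weak evidence, since many of the listed products may simply not be installed or running; treat it as supporting context for the Run-key and file findings.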
