Troj/Agent-QXD

Category: Viruses and SpywareProtection available since:28 Mar 2011 05:42:56 (GMT)
Type: TrojanLast Updated:28 Mar 2011 05:42:56 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Agent-QXD exhibits the following characteristics:

File Information

Size
596K
SHA-1
ba91dda3cb76d09b515562c3822bb48fdd3edad4
MD5
0070031a6dd79ee95cd8b89711edf9cc
CRC-32
c7637dc8
File type
application/x-ms-dos-executable
First seen
2011-02-24

Other vendor detection

Avira
TR/Crypt.XPACK.Gen3
Kaspersky
Trojan.Win32.Diple.cxq

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\adload4C.dll
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\scanedisknk73.dll
  • c:\Documents and Settings\test user\adload4C.dll
Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\scandisk.lnk
    Size
    701
    SHA-1
    8cd711de712eb4c4447714bd30da102bec617fa1
    MD5
    0b7b1746fbd5f5c7cb72420b49bf6252
    CRC-32
    e56b871c
    File type
    application/octet-stream
    First seen
    2011-01-05
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemonTool
    rundll32.exe C:\WINDOWS\system32\adload4C.dll,_IWMPEvents
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemonTool
    rundll32.exe C:\DOCUME~1\support\adload4C.dll,_IWMPEvents