Category: Viruses and SpywareProtection available since:04 May 2007 00:00:00 (GMT)
Type: TrojanLast Updated:04 May 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Bckdr-QIB is a Trojan for the Windows platform.

Troj/Bckdr-QIB includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Bckdr-QIB copies itself to <System>\smcmcr.exe and creates the following files:


The file symvcs.sys is detected as Troj/Haxdor-Fam.

The file hmlscr.dll is also detected as Troj/Bckdr-QIB.

The files msctp.dll, perfc3460.dat and perfc4895.dat can be safely removed.

The following registry entry is created to run smcmcr.exe on startup:


The file symvcs.sys is registered as a new system driver service named "VISSV", with a display name of "VISSV" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:


The following registry entries are set, affecting internet security:

%windir%\system32\ctfmon.exe:*:Enabled:Microsoft Media Service Helper

%windir%\system32\mplay32.exe:*:Enabled:Microsoft Media Player

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Registry entries are created under:

HKCU\Software\Microsoft\Media Player\Options