W32/Qbot-I

    Category: Viruses and SpywareProtection available since:13 Feb 2010 01:02:37 (GMT)
    Type: Win32 wormLast Updated:13 Feb 2010 01:02:37 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    W32/Qbot-I is a worm and IRC backdoor Trojan for the Windows platform.

    W32/Qbot-I attempts to spread via network shares using weak passwords.

    W32/Qbot-I includes functionality to:

    - steal passwords
    - log keystrokes
    - perform remote FTP commands
    - harvest confidential information including MSN Explorer accounts
    - inject code into other processes
    - schedule tasks jobs or cron jobs on the infected computer
    - send ping commands to remote destinations
    - perform data dumps
    - retrieve network TCP stack information
    - harvest information from the Protected Storage areas
    - harvest information from the Local Shared Object (LSO) for Macromedia Flash Player repositories

    W32/Qbot-I may make modifications to the following registry entries:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection