W32/Qbot-I

Category: Viruses and SpywareProtection available since:13 Feb 2010 01:02:37 (GMT)
Type: Win32 wormLast Updated:13 Feb 2010 01:02:37 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Qbot-I is a worm and IRC backdoor Trojan for the Windows platform.

W32/Qbot-I attempts to spread via network shares using weak passwords.

W32/Qbot-I includes functionality to:

- steal passwords
- log keystrokes
- perform remote FTP commands
- harvest confidential information including MSN Explorer accounts
- inject code into other processes
- schedule tasks jobs or cron jobs on the infected computer
- send ping commands to remote destinations
- perform data dumps
- retrieve network TCP stack information
- harvest information from the Protected Storage areas
- harvest information from the Local Shared Object (LSO) for Macromedia Flash Player repositories

W32/Qbot-I may make modifications to the following registry entries:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce