Technical details:
Categories: Trojan,Adware
[Kaspersky]Adware.Win32.AdHelper.ay,AdWare.Win32.AdHelper.gen,Trojan-Downloader.Win32.QQHelper.gb,Trojan-Downloader.Win32.QQHelper.gen,AdWare.Win32.AdHelper.cz;
[McAfee]Generic Downloader.h,Backdoor-CVM;
[F-Prot]W32/Downloader.AAWI;
[Other]Infostealer,Backdoor.CVM,Trojan-Downloader.win32.QQHelper.ce,Win32/QQHelp.N,Adware.Adhelper,Win32/Sillydl.AHL,Win32/SillyDl.AHL,Win32/QQHelp.J,Win32/QQHelpBP,Downloader
QuickButton Folders:
[%PROGRAM_FILES%]\coolsign
[%PROGRAM_FILES_COMMON%]\UPDAT
QuickButton Files:
[%PROGRAM_FILES_COMMON%]\System\Updaterun.exe
[%SYSTEM%]\advport.dll
[%SYSTEM%]\nt.sys
[%SYSTEM%]\Score.txt
[%SYSTEM%]\wbem\ocmor.dat
[%SYSTEM%]\wbem\ocmor.dll
[%PROGRAM_FILES%]\CoolWebsite\QuickLink.dll
[%PROGRAM_FILES%]\CoolWebsite\uninst.exe
[%SYSTEM%]\bind_40255.exe
[%SYSTEM%]\spted.dll
[%SYSTEM%]\wbem\IRJIT.dll
QuickButton Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d1bb7cf4-4463-4e91-88d7-ecc3ce0a13b7}
HKEY_CLASSES_ROOT\quickbutton.quickbtn
HKEY_CLASSES_ROOT\sss1.sss2.1
HKEY_CLASSES_ROOT\{d1bb7cf4-4463-4e91-88d7-ecc3ce0a13b7}
HKEY_LOCAL_MACHINE\software\divnet
HKEY_LOCAL_MACHINE\software\lamp
HKEY_LOCAL_MACHINE\software\microsoft\directoutput
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{1d901067-2529-4a9b-9b6b-7a1db3a44cb5}
HKEY_LOCAL_MACHINE\software\microsoft\studio
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\coolsign
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_barcase
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\barcase
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\barcase
HKEY_CLASSES_ROOT\interface\{0083de51-eb2e-4521-a95c-735d8e563373}
HKEY_CLASSES_ROOT\ssss1.ssss2.1
HKEY_CLASSES_ROOT\typelib\{933db9d6-9447-4efe-aba2-eaf3b309b44c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d1bb7cf4-4463-4e91-88d7-ecc3ce0a13b7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\quicklink
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_atwork
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_dateing
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ipdodrg
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_iunag
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_soscar
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\atwork
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dateing
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\dateing
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\soscar
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipdodrg
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\iunag
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\soscar
QuickButton Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\internet explorer\typedurls
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\license\parameters
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\templates\parameters
QuickButton indications of infection
The symptoms of QuickButton detection are the files, registry entries, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of ExterminateIt! to check your computer right now.