Solved! Use QQ.EXE (Trojan Magania) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

QQ.EXE – Trojan Magania removal

FileMD5Virus Alias
QQ.EXE e950a1b6ed13f6d06a68cce7ba3bb1aa Trojan Magania
QQ.EXE e950a1b6ed13f6d06a68cce7ba3bb1aa Trojan SuspiciousFile
QQ.EXE e950a1b6ed13f6d06a68cce7ba3bb1aa Backdoor Pigeon
QQ.EXE e950a1b6ed13f6d06a68cce7ba3bb1aa Trojan Downloader
QQ.EXE e950a1b6ed13f6d06a68cce7ba3bb1aa Backdoor Zegost
QQ.EXE e950a1b6ed13f6d06a68cce7ba3bb1aa Backdoor Farfli

QQ.EXE size: 102991 bytes
QQ.EXE hash: E950A1B6ED13F6D06A68CCE7BA3BB1AA

Created files:

C:\qq.exe
%SysDir%\NWCWorkstationUSA.dll
%AllUsersProfile%\svchost.exe
%Temp%\1340767_360.temp

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\BthServ\Type: 10010000
HKLM\System\CurrentControlSet\Services\BthServ\Start: 02000000
HKLM\System\CurrentControlSet\Services\BthServ\DisplayName: Bluetooth Support Service
HKLM\System\CurrentControlSet\Services\BthServ\ImagePath: “%AllUsersProfile%\svchost.exe”
HKLM\System\CurrentControlSet\Services\BthServ\DependOnService: RpcSs
HKLM\System\CurrentControlSet\Services\NWCWorkstation\Type: 04000000
HKLM\System\CurrentControlSet\Services\NWCWorkstation\Start: 02000000
HKLM\System\CurrentControlSet\Services\NWCWorkstation\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NWCWorkstation\DisplayName: AntiVir
HKLM\System\CurrentControlSet\Services\NWCWorkstation\ImagePath: %sYSTEMrOOT%\sYSTEM32\SVCHOST.EXE -K NETSVCS
HKLM\System\CurrentControlSet\Services\NWCWorkstation\Description: Avira AntiVir
HKLM\System\CurrentControlSet\Services\NWCWorkstation\InstallModule: C:\qq.exe
HKLM\System\CurrentControlSet\Services\NWCWorkstation\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C004E005700430057006F0072006B00730074006100740069006F006E005500530041002E0064006C006C000000

Detected by UnHackMe:

QQ.EXE
Default location: C:\QQ.EXE

Dropper information:
MD5: 6554cd1227f68c40d3a29732779f41e2
File size: 130048 bytes

Leave a Reply