I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
QOO.EXE – Trojan QQPass removal
| File | MD5 | Virus Alias |
|---|---|---|
| QOO.EXE | 32d64d4bd655b50bb257ff651698e52e | Trojan QQPass |
| QOO.EXE | 32d64d4bd655b50bb257ff651698e52e | Trojan SuspiciousFile |
| QOO.EXE | 32d64d4bd655b50bb257ff651698e52e | Trojan Generic |
| QOO.EXE | 32d64d4bd655b50bb257ff651698e52e | Trojan Hllw |
| QOO.EXE | 32d64d4bd655b50bb257ff651698e52e | Trojan DNAScan |
| QOO.EXE | 32d64d4bd655b50bb257ff651698e52e | Trojan Small |
QOO.EXE size: 475493 bytes
QOO.EXE hash: 32D64D4BD655B50BB257FF651698E52E
Created files:
C:\Documents and Settings\DJOJ.EXE
C:\Documents and Settings\svchost.exe
C:\filedebug
C:\HYZ.EXE
C:\QOO.EXE
C:\System Volume Information\ctfmon.exe
C:\System Volume Information\IIOBMJQ.EXE
%SysDir%\Ms7002.dll
%SysDir%\TPNHLX.EXE
Autostart registry keys:
HKLM\Software\Classes\CLSID\{7CD4138D-4147-420B-9749-00A13B526785}\InprocServer32 : %WinDir%\System32\Ms7002.dll
HKLM\Software\Classes\txtfile\shell\open\command : C:\.\HYZ.EXE %1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TXJSXR.EXE: C:\System Volume Information\ctfmon.exe
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\Type: 10010000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\Start: 02000000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\DisplayName: NKMMTY.EXE
HKLM\System\CurrentControlSet\Services\NKMMTY.EXE\ImagePath: C:\Sandboxie\NKMMTY.EXE
Detected by UnHackMe:
QOO.EXE
Default location: C:\QOO.EXE
Dropper information:
MD5: 040c03113ba08997e90a59075dcd9851
File size: 474665 bytes