Encyclopedia entry
Updated: Apr 17, 2011 | Published: Mar 08, 2010
Aliases
- W32/Malware.LOIA (Norman)
- Trojan.DL.Agent.TUJQ (VirusBuster)
- TR/Downloader.Gen (Avira)
- DLOADER.Trojan (Dr.Web)
Alert Level
Severe
Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.77.591.0 Released: Mar 08, 2010
Summary
TrojanDownloader:Win32/Qaantiz.A is a trojan that can download and execute files from a remote server. It may arrive on the computer as a file dropped by Exploit:Win32/Pidief.AX, with the file name "a.exe".
Symptoms
System changes
The following system changes may indicate the presence of this malware:
- The presence of the following file:
  A.EXE
- The presence of the following registry modifications:
  Added value: "Adobe_RLX"
  With data: "a.exe reader"
  To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Technical Information (Analysis)
TrojanDownloader:Win32/Qaantiz.A is a trojan that can download and execute files from a remote server. It may arrive on the computer as a file dropped by Exploit:Win32/Pidief.AX, with the file name "a.exe".
Upon execution, it ensures that it automatically runs every time Windows starts by creating the following registry entry:
Adds value: "Adobe_RLX"
With data: "a.exe reader"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
It connects to the remote server "tiantian.ninth.biz" from where it can download and execute other files. It can also upload information about the infected computer to the remote server.
Analysis by Marian Radu
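A triage check for the Run-key indicator described above, as an added example that is not part of the original entry: it parses saved `reg query` output and flags the "Adobe_RLX" value, and goes slightly beyond the entry by also flagging any Run command that names a program without a directory path, as "a.exe reader" does. The sample output, the user name in it, and all function names are constructed for illustration.

```python
import re

# Indicators from the entry above (registry value names are case-insensitive).
IOC_NAME = "adobe_rlx"
IOC_DATA = "a.exe reader"

# A value line in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample of:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Adobe_RLX    REG_SZ    a.exe reader
    Updater    REG_EXPAND_SZ    %ProgramFiles%\Vendor\update.exe -q
"""

def parse_run_values(text):
    """Return {value_name: data} for every value line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values

def executable_of(command):
    """Program part of a Run command line: the quoted string or the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def findings(values):
    """Flag the entry's exact indicator, then any bare-filename Run command."""
    hits = []
    for name, data in values.items():
        exe = executable_of(data)
        if name.lower() == IOC_NAME and data.lower() == IOC_DATA:
            hits.append((name, "matches Qaantiz.A Run value"))
        elif "\\" not in exe and "/" not in exe:
            hits.append((name, "Run command has no directory path"))
    return hits

if __name__ == "__main__":
    for name, reason in findings(parse_run_values(SAMPLE_REG_QUERY)):
        print(f"{name}: {reason}")
```

A bare-filename hit is a lead for review, not a verdict: the program is resolved through the search path, so confirm which file actually runs before removing the value.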